Visual image authentication and transaction authorization using non-determinism

ABSTRACT

Methods and systems described herein perform a secure transaction. A display presents images that are difficult for malware to recognize but a person can recognize. In at least one embodiment, a person communicates transaction information using visual images received from the service provider system. In at least one embodiment, a universal identifier is represented by images recognizable by a person, but difficult for malware to recognize.

In some embodiments, methods and systems are provided for determining whether to grant access, by generating and displaying visual images on a screen that the user can recognize. In an embodiment, a person presses one's finger(s) on the screen to select images as a method for authenticating and protecting communication from malware.

In at least one embodiment, quantum randomness helps unpredictably vary the image location, generate noise in the image, or change the shape or texture of the image.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application incorporates herein by reference U.S. Provisional Patent Application No. 61/698,675, entitled “No More Passwords”, filed Sep. 9, 2012.

FIELD OF THE INVENTION

This specification relates to security in computers, mobile phones and other devices.

BACKGROUND

The subject matter discussed in the background section should not be assumed to be prior art merely as a result of its mention in the background section. Similarly, a problem mentioned in the background section or associated with the subject matter of the background section should not be assumed to have been previously recognized in the prior art. The subject matter in the background section merely represents different approaches, which in and of themselves may also be inventions.

LIMITATIONS AND WEAKNESSES OF PRIOR ART

A shortcoming in the prior art, recognized by this specification, is that there is a lack of a secure integration of the identity of the user to the protection of the user's data and the control of the user's computer. A critical part of the computer instructions for an action or a transaction is usually executed on the host domain machine (e.g., the user's computer). Some examples of the user's computer are a MacBook Pro, a Dell desktop computer, an iPhone, a BlackBerry or an Android phone. Currently cryptography keys are stored on the user's computer or a chip executing the operating system, which is not secure. For example, when Bob's computer communicates with Mary's computer, even when using well-implemented Public Key Infrastructure (PKI), Bob's computer can only be sure that it is communicating with Mary's computer. Bob cannot be sure that he is communicating with Mary and vice versa. Similarly, even Bob cannot be certain that the communications he sends Mary are the same as the communications that Mary receives as coming from him.

Sending a secure communication using Public Key Infrastructure (PKI) from one user machine to another user machine ensures communication between the user machines, but may not ensure secure communication between the users of the machines. Continuing with the above example, as a result of the use of a Public Key Infrastructure, although Mary may be reasonably sure that Mary's machine is communicating with Bob's machine, Boris may be operating one or more computers in Russia and may have remotely broken into Bob's computer and may be using Bob's machine and pretending to be Bob.

In the prior art, each computer cannot be assured of who controls the other computer. For example, even when a user is present, an intruder (e.g., a hacker) may be physically located thousands of miles away, but is remotely logged onto the user's machine and hijacking the user's intended action(s). Even the Trusted Platform Module (TPM) has the fundamental cyber security weakness of not knowing who controls the other computer with which a user may be in communication, or who controls the computer which contains the Trusted Platform Module. Not knowing the other computer with which a current computer is in communication may be a weakness that is significant when the operating system can directly access the TPM. If the user's computer is compromised, then the attacker can access the TPM. Another limitation and weakness of the TPM is that there is no mechanism for binding the identity of the user to the user's cryptography keys and other confidential information that should be bound to the user's true identity.

Another shortcoming of cyber security is that a secure link is missing between the authentication of a valid user and the authorization of an action. The authorization of an action could be the execution of a financial transaction from a user's bank account, a stock trade in a user's brokerage account, the execution of an important functionality on the electrical grid, or access to important data on a private network such as SIPRNet (e.g., WikiLeaks). The authorization of an action typically occurs through the web browser since the web browser presents a convenient interface for a person. However, the web browser is where the important connection between authentication of a user and authorization of an action may be broken. Existing systems have the user authenticating the user's computer, and then the same user's computer also authorizes (and may also execute) the action. Since the user's computer can be hacked, the lack of a secure and direct link between authenticating the user's computer and authorizing the action may render the act of user verification irrelevant.

Part of the disconnect (vulnerability) between authenticating the user and authorizing the user's action occurs because authentication (e.g., biometric authentication) is typically and naively represented as an on/off switch. That is, after the user has been authenticated and the initial transaction approved, the remainder of the session is assumed to be secure and all actions after authentication are assumed to be legitimate, without performing any further checks. In the same way, if this on/off implementation occurs in an untrusted computing environment, then outstanding biometric algorithms and sensor(s) become irrelevant because the biometric authentication can be circumvented between the user authentication and the authorization or confidentiality part of the security system.

The use of biometrics can be advantageous for security, because biometrics offers a reliable method for verifying which person is actually initiating a transaction. However, even with the use of biometrics, if the handling of the biometric information, the storage of the biometric data, or the control of actions based on a biometric verification is done on an unsecured user's computer, the value of the biometrics may be greatly reduced or nullified.

An additional aspect of the weakness of current authentication and authorization processes (such as those using biometrics) is that the action can be hijacked by executing a Trojan attack on the user's computer, for example. A Trojan attack is an attack in which the attacker pretends to be the user and/or the other system with which the user is communicating. In other words, a valid, authorized user cannot verify that the action he or she is trying to execute is what is actually being executed, because a third party may be masquerading as the other system.

An example of this weakness is the untrusted browser attack used to divert money from a user's bank account. Mary's web browser may display to her that she is about to send $500 to Bob's account, but in reality her untrusted browser is configured to send $50,000 to a thief's bank account.

Since the web browser is executed on the user's computer, the browser cannot be trusted even when using PKI and one-time passcodes! A recent untrusted browser attack on the gold standard of security, RSA SecurID, demonstrates this surprising fact. The consequences of this particular cyberattack were that $447,000 was stolen from a company bank account in a matter of minutes, even though the valid user was using one-time passcodes to make the transaction more secure. The details of this cyberattack are quoted below from an MIT Technology Review article, entitled “Real-Time Hackers Foil Two-Factor Security,” Sep. 18, 2009, which states:

“In mid-July, an account manager at Ferma, a construction firm in Mountain View, Calif., logged into the company's bank account to pay bills, using a one-time password to make the transactions more secure. Yet the manager's computer had a hitchhiker. A forensic analysis performed later would reveal that an earlier visit to another website had allowed a malicious program to invade his computer. While the manager issued legitimate payments the program initiated 27 transactions to various bank accounts, siphoning off $447,000 in a matter of minutes. ‘They not only got into my system here, they were able to ascertain how much they could draw, so they drew the limit,’ says Roy Ferrari, Ferma's president. The theft happened despite Ferma's use of a one-time password, a six-digit code issued by a small electronic device every 30 or 60 seconds. Online thieves have adapted to this additional security by creating special programs—real-time Trojan horses—that can issue transactions to a bank while the account holder is online, turning the one-time password into a weak link in the financial security chain. ‘I think it's a broken model,’ Ferrari says.

Security experts say that banks and consumers alike need to adapt—that banks should offer their account holders more security and consumers should take more steps to stay secure, especially protecting the computers they use for financial transactions. ‘We have to fundamentally rethink how customers interact with their banks online,’ says Joe Stewart, director of malware (malicious software) research for security firm SecureWorks, in Atlanta, Ga. ‘Putting all the issues with the technology aside, if [attackers] can run their code on your system they can do anything you can do on your computer. They can become you.’”

There is now widespread understanding, both in popular and technical domains, of the theoretical and practical fragility of online transaction security. The RSA SecurID® token is the industry-leading technology for authenticating and securing identity in online transactions. The recent attack and subsequent breach of the RSA SecurID token (announced March 2011) has highlighted the fundamental problems with current cybersecurity solutions. Malware played a significant role in causing this breach. Malicious software has many forms: virus, worm, Trojan horse, spyware etc., all of which have the singular purpose of undermining the security, confidentiality, integrity or availability of computer systems. Recent über malware is invisible. It encrypts and camouflages itself using the same mathematical techniques used by traditional, white hat cryptography. Eric Filiol, “Malicious Cryptology and Mathematics,” Cryptography and Security in Computing (Intech, 2012), pp. 23-50. http://cdn.intechopen.com/pdfs/29700/InTechMalicious_cryptology_and_mathematics.pdf

Malware is able to phish passwords or hijack financial transactions made via mobile devices or personal computers without the user's knowledge. It is not necessary for malware to break the cryptography of a device to compromise its security. Contemporary computers and electronic devices are particularly susceptible to malware attacks due to their processor architecture.

Specifically, the processors have a von Neumann architecture, which only executes one computing instruction at a time. As a consequence, malware has to corrupt or transform only a single machine instruction to initiate execution of malignant code. This is a deep vulnerability arising from current processor architecture and it cannot be easily rectified. Only one legitimate jump or branch instruction needs to be changed in a digital computer program to start it executing malware. During machine execution, after the von Neumann machine program has been hijacked by malware, anti-virus software that is supposed to check the program might not get executed, may be disabled or in other cases may never detect the malware. The sequential execution of von Neumann machine instructions hinders a digital computer program from protecting itself.

A common malware technique is the so-called “man-in-the-middle” attack. This attack is an active form of eavesdropping in which the attacker makes independent connections with the counterparties in a given transaction; by using appropriate authentication the attacker controls the entire transaction. The counterparties are unaware of the presence of the attacker and assume they are transacting securely with each other. Internet communications and financial transactions can be intercepted and hijacked by malware (malicious software) performing a “man-in-the-middle” attack. These attacks are not easy to detect or prevent. In particular, the RSA SecurID breach demonstrated that pseudo-random number generators (i.e., deterministic algorithms), typically used in two-factor authentication solutions, cannot prevent “man-in-the-middle” attacks launched by malware.

Malware, however, has a significant weakness: malware is poor at recognizing visual images, since computer algorithms cannot match the visual pattern recognition ability of the human brain. Human beings have highly advanced visual pattern recognition skills. The embodiments described here exploit this fundamental weakness of malware.

A third fundamental shortcoming of current cybersecurity solutions is the fact that static authentication factors, such as passwords, PINs and biometrics, are entered directly into the user's computer or stored on computers in a digital or binary format such as ASCII code. This weakness makes static authentication factors vulnerable to phishing attacks in the host domain or security breaches in the network domain.

BRIEF DESCRIPTION OF THE DRAWINGS

In the following drawings like reference numbers are used to refer to like elements. Although the following figures depict various examples, the one or more implementations are not limited to the examples depicted in the figures.

FIG. 1A shows a block diagram of an embodiment of a system for executing secure transactions resistant to malware.

FIG. 1B shows a memory system that is a component of the system shown in FIG. 1A.

FIG. 2A shows a block diagram of an embodiment of a service provider system.

FIG. 2B shows a memory system that is a component of the system in FIG. 2A.

FIG. 3 shows a flow diagram of a user setting up the system to enable the execution of secure transactions.

FIG. 3A shows a flow diagram of an embodiment of step A of executing a secure transaction.

FIG. 3B shows a flow diagram of an embodiment of step B of executing a secure transaction.

FIG. 4 shows a collection of images that are parts or a whole of a logo. Some of the images are rotated.

FIG. 5 shows a collection of images. One is part of a logo. There are 26 visual images of the alphabet letters “ABCDEFGHIJKLMNOPQRSTUVWXYZ”. The word NAME is made up of a collection of images with a doodle background texture.

FIG. 6 shows a collection of images. One is part of a logo. Another is the word BANK with a simplicial and dotted texture background. There are 26 visual images of the alphabet letters “ABCDEFGHIJKLMNOPQRSTUVWXYZ”.

FIG. 7 shows a collection of images. One is part of a logo. Another is the word “ACCEPT” written with bubble texture on a simplicial background texture. And a third is the word “ABORT” written with bubble texture on a foliation background texture.

FIG. 8 shows a collection of images. One object is a geometric image of a blue rectangle on top of a blue triangle which is on top of a red blob. Just to the right is a rectangle with vertical texture on top of a triangle with dotted texture on top of a blob with simplicial texture.

FIG. 9 shows a collection of images, illustrating some different textures. FIG. 9 shows nine different textures: vertical, horizontal, mixed, dotted, bubble, simplicial and foliation.

FIG. 10 shows recipient account number 9568342710 represented by two distinct collections of images. In the top representation, the number 3 is represented with a visual image using a triangular texture. In the bottom representation the number 4 is represented with the letters “FOUR” using bubble texture to write the letters. There is also part of a logo in the lower left corner of FIG. 10.

FIG. 11 shows a collection of images representing a universal identifier. A subset of these can be used for user authentication.

FIG. 12 a shows a user interface page for enrollment.

FIG. 12 b shows a user interface page for enrollment that displays different visual image categories.

FIG. 12 c shows a user interface page for enrollment that displays different images in the “sports” category. One image represents “cycling”. Another image represents “tennis”. Another image represents “skiing”.

FIG. 13 a shows a user interface page for user verification or user login using visual images.

FIG. 13 b shows a user interface page for user verification that displays different visual images. One image displays an elephant. Another image displays a car.

FIGS. 14 a, 14 b and 14 c show the use of correlation to detect and find the locations of features in an image.

FIG. 14 a shows an image of the word “apple” in a handwritten style font.

FIG. 14 b shows an image, representing the letter “p” in a handwritten style font.

FIG. 14 c shows a correlation function image, indicating the detection of the presence and exact locations of the letter “p” in the image in FIG. 14 a, indicated by the bright peaks.

FIGS. 15 a, 15 b and 15 c show the use of special types of noise to hinder the use of the correlation operation to find features in an image.

FIG. 15 a shows an image, representing the word “apple” in the same handwritten style font as FIG. 14 a, but with non-deterministic noise added.

FIG. 15 b shows a raw image, representing the letter “p” in a handwritten style font.

FIG. 15 c shows an unintelligible correlation function image, indicating the inability to detect the locations of the “p” in the image in FIG. 15 a.

FIG. 16 shows a semiconductor device that is a photodetector. This hardware device can detect the arrival of single photons, which is an embodiment of quantum randomness.

FIG. 17 shows a device that receives a polarized photon and splits it into a linear/horizontal vertical analyzer with 50% chance of detecting a “0” or “1”. This hardware device can detect the polarization of single photons, which is an embodiment of quantum randomness. Under the device is a diagram representing a photon that is circularly polarized. Under the device, on the right, is a diagram representing a photon that is linearly polarized.

FIG. 18 shows a random noise generator and a digital logic circuit that captures and outputs this randomness. Below the generator are the time delays between separate events that are detected. In an embodiment, the random noise generator may be implemented with a photodetector as shown in FIG. 16. In this embodiment, the arrival times of photons enable quantum randomness.
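As an added worked example (not code from this application or from the No More Passwords project), the Python below sketches how the digital logic circuit of FIG. 18 could turn the time delays between detected photon events into bits: consecutive inter-arrival intervals are compared pairwise, and the resulting bit stream is passed through von Neumann debiasing to remove residual skew before being packed into bytes. The arrival times are simulated with a seeded pseudo-random Poisson process purely so the example runs offline; a real system would take them from the photodetector of FIG. 16. All function names are this example's own.

```python
import random


def simulated_arrival_times(n, rate_hz=1e6, seed=1):
    """Constructed stand-in for the photodetector: a Poisson process whose
    inter-arrival times are exponentially distributed. Only here so the
    example runs without hardware; a seeded PRNG is NOT a randomness source."""
    rng = random.Random(seed)
    t = 0.0
    times = []
    for _ in range(n):
        t += rng.expovariate(rate_hz)
        times.append(t)
    return times


def intervals(times):
    """Time delays between successive detected events (FIG. 18, lower part)."""
    return [later - earlier for earlier, later in zip(times, times[1:])]


def raw_bits(deltas):
    """Compare disjoint pairs of intervals: emit 1 when the second interval is
    longer than the first, 0 when shorter; equal pairs carry no information
    and are skipped. For a memoryless process each outcome is equally likely."""
    bits = []
    for d1, d2 in zip(deltas[0::2], deltas[1::2]):
        if d1 == d2:
            continue
        bits.append(1 if d2 > d1 else 0)
    return bits


def von_neumann(bits):
    """Classic debiasing: consume bits in pairs, emit 0 for (0,1), 1 for (1,0),
    and drop (0,0) and (1,1). Removes a constant bias at the cost of throughput."""
    out = []
    for b1, b2 in zip(bits[0::2], bits[1::2]):
        if b1 != b2:
            out.append(b1)
    return out


def bits_to_bytes(bits):
    """Pack complete groups of eight bits, most significant bit first;
    leftover bits that do not fill a byte are discarded."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def random_bytes_from_events(times):
    """Whole pipeline: event times -> intervals -> raw bits -> debiased bytes."""
    return bits_to_bytes(von_neumann(raw_bits(intervals(times))))


if __name__ == "__main__":
    events = simulated_arrival_times(20000)
    print(random_bytes_from_events(events).hex())
```

The pairwise interval comparison discards half the events, and von Neumann debiasing discards at least half of what remains, so a deployment would size the detector rate for the required bit rate and would still run the usual statistical health checks on the output.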

DETAILED DESCRIPTION

Although the issues discussed in the background or elsewhere may have motivated some of the subject matter disclosed below, nonetheless, the embodiments disclosed below do not necessarily solve all of the problems associated with the subject matter discussed in the background or elsewhere. Some embodiments only address one of the problems, and some embodiments do not solve any of the problems associated with the subject matter discussed in the background or elsewhere. In general, the word “embodiment” is used to specify an optional feature and/or configuration.

A groundbreaking method for cybersecurity is described that is more secure against modern malware, and provides a much better user experience compared with passwords or hardware tokens such as SecurID. No More Passwords uses visual images that are selected by a user to create a set of “favorites” that can easily be recalled and quickly selected by the user at login.

No More Passwords leverages the superior power of eye-brain processing of humans versus machines to ensure that a human, and not a bot or malware, is involved in a transaction or communication.

Underlying the simplicity of this approach is a security technology that includes:

-   A.) A non-deterministic random number generator hardware based on quantum physics.
-   B.) Noise modification of images using the random number generator.
-   C.) Visual image morphing, positioning and reordering based on the random number generator.
-   D.) Transaction-dependent passcodes.

The application of all these methods in concert addresses current cybersecurity issues, as well as anticipating other possible approaches that hackers may attempt in the future, while the flexibility of the approach supports the creation of advanced, user-friendly user interface designs.

Malware, phishing scams and other various forms of hacking and cybersecurity breaches have become a major issue today. The use of passwords is inadequate, inefficient and problematic for users and companies, and the problems with password use are increasing steadily.

The invention(s) described herein use the unique, innate pattern recognition skills of humans to transform cybersecurity. It advances online transaction security, which currently relies mainly on the straightforward use of passwords or, in some cases, the addition of other security enhancements that may provide some improvement in security, but are still inadequate. These measures typically increase the cost of the system while greatly reducing the convenience to the user.

Malware resistant authentication and transaction authorization is provided through the combined application of various methods and embodiments. In an embodiment, this invention can eliminate use of the alpha-numeric “password” such as “34YUiklmn” or a sequence of ASCII symbols such as “94Yzi2_e$mx&”. The invention(s) herein also provide a basis for a much-improved user interface and overall user experience around securing online transactions, access control, and the protection of an individual's personal data and identity.

The invention(s) described herein use visual representations (images) that are both personal and memorable to each individual user. There is an enrollment process in which the user selects a set of images from a group of categories representing the user's “favorites.” At verification (i.e., login time) the user is asked to select some or all personal favorites from a set of randomly-selected options as verification of both the user's identity and the fact that the user is in fact a human instead of an automated system that has hijacked the transaction flow. This approach has a number of advantages in terms of convenience to the user, while allowing anti-malware methods to be applied that provide substantial anti-hacking capability.

User Interface Design

The use of visual images to create a unique identity for a user has many advantages: the system is not only highly secure and resistant to various hacks and malware attacks, but is also intuitive, easy to use and attractive to users. The core technology behind an identity security system should support a user interface (UI) that provides all of these benefits; there is sufficient flexibility in the UI design and a range of security-enhancing features that can be used together in various ways to allow the UI design to be tailored to the needs of both the user and the device (e.g., PC, iPhone, Android phone, iPad, tablet computer) on which it is being used.

Since interaction with the user is a key part of the technology, it is helpful to describe a UI design example for two reasons: 1) to ensure that the technology is both effective and easy to use; 2) to help explain how embodiments work. The UI should be designed to run on the device(s) of choice within the intended application and tested for intuitiveness, ease of use, functionality, acceptance by and attractiveness to product users.

The UI described in this section is intended as an example design, and shows how it might be implemented on a mobile phone. The example shown here is only meant to provide general clarity about what can be done with this technology and to serve as a high-level use case to describe the flow for creating and entering a unique login identity for a user.

Enrollment.

To enroll, the user first initiates the enrollment. The process will start with the launching of an application, or a request to enroll within a running application on a particular device such as a mobile phone, computer, terminal or website. In the example here, and the figures below, the device is a mobile phone and the user starts the enrollment process by launching an app.

Once launched, the application starts enrollment by displaying the first enrollment screen with a superimposed popup window that provides brief instructions for enrollment and a box in which the user is asked to enter a username. This is shown in FIG. 12 a.

As soon as the username has been entered, the popup window disappears, showing the first enrollment screen that provides a list of categories for the user's “favorites”, as shown in FIG. 12 b. These categories can include almost anything, such as animals, musical instruments, travel destinations, famous people, sports, etc. In this example, a few items from the list of categories are displayed on the screen, but the central portion of the screen with the category icons can be scrolled up or down to show other choices. The items that the user has currently chosen are shown as small icons at the bottom of the screen. This part of the display (and the header at the top) does not scroll, and provides a running tally of the user's choices throughout the process. This also serves as messaging to the user as to the progress of the enrollment process.

In an embodiment, after a category has been selected, a second screen appears showing specific items in the chosen category. This screen is shown in FIG. 12 c. The tally of choices is carried over, and shown at the bottom of this screen as well. Again, in this example, the central portion of the screen with the icons can be scrolled up or down to display more than the nine items shown on the screen at one time. The user can then select his/her item from the available choices. Once a selection is made, the item chosen appears in the running tally below, and the display reverts back to the first enrollment screen, which provides the category choices again.

This process is repeated seven times in this example. The number of choices required from the user for enrollment can be changed, depending on the security level required and an acceptable enrollment process for a particular case. In general, the fewer the choices required from the user, the less secure the embodiment will be, but the trade-off between security and ease of use is important, and should be decided on a case-by-case basis.

FIG. 12 a shows page 1 of an enrollment user interface (UI), which shows the popup window superimposed requesting entry of the username. In an embodiment, for added security, the username is obscured in a similar way as is typically accomplished with a password field.

FIG. 12 b shows page 1 of an enrollment UI after the disappearance of the popup window, showing on the same screen 1 the scrollable “favorites” category selections, and the boxes at the bottom of the screen where the running tally of the user's choices will be displayed.

FIG. 12 c shows enrollment page 2 showing 9 of the specific item choices available, and allowing the user to scroll for more. In this diagram, the user had selected “sports” as the category on the previous page, and this is the third favorite, as indicated by the running tally below showing the two previous choices, and the note in the header that reads “selection 3.”

Verification (Login)

While it may be acceptable for the enrollment process to take a few minutes, and require the user to be guided through multiple steps, verification should be as quick and simple as possible. This is well-known in biometrics, since biometric devices usually require a series of steps to enroll. At verification, however, the expectation of the user is that the use of the technology will make verification of their identity not only more secure, but much easier and faster. The same applies to the implementations described here. Despite widespread identity theft and hacking, many users are far more concerned with convenience than they are about security.

In the example presented here, an enrolled user initiates verification by launching an image-enabled app, or requesting login to a local or remote system. Immediately, the verification screen appears with a randomized group of choices for the user, and a popup window superimposed that requests entry of the username, as depicted in FIG. 13 a. Once the username is entered, the popup window disappears, exposing the screen with the randomized choices for the user to select. This is shown in FIG. 13 b. The options offered on a single screen contain at least one of the user's “favorite” images that were selected at enrollment, but also contain a number of other “incorrect” options that are selected randomly from a large set of options. The central portion of the screen with the icons of the selectable items can be scrolled up or down to expose more choices. In this example, to pass verification, the user chooses four of the seven favorite items that were chosen at enrollment. Once all favorites have been correctly selected, the screen disappears, and login proceeds. If the choices are incorrect, the login process starts over again from the beginning. For added security, there may be a limit placed on the number of failed attempts a user can make in a login session.

FIG. 13 a shows a verification user interface (UI) page with the popup window superimposed requesting entry of the username. In an embodiment, the verification page is a single page to make verification quick and simple. Also note again that for added security, the username can be obscured in the same way as is typically done with a password field.

FIG. 13 b shows the verification user interface page after the disappearance of the popup window, showing the scrollable “favorites” selections that have been randomly selected from a large array of options. As indicated in the footer at the bottom of the screen, the application is ready for the third favorite out of a total of four required for verification. In other embodiments, more than four favorites may be requested for a successful login. In another embodiment, more than four favorites may be requested to complete a financial transaction. In other embodiments, fewer than four favorites may be requested for a successful login.

In embodiments, robust security is desired, but convenience and a positive experience for the user are also important. There is sometimes a tradeoff between security and convenience for the user, and this tradeoff is fundamental to security technology, from the old-fashioned lock and key to the most modern and sophisticated security technology used today.

There is a correlation between the number of favorites required during enrollment, the number of favorites needed to verify, the specific requirements on the order of the choices, and the layout and presentation of the images themselves. For example, if the user is required to select his/her favorite images in the same order they were chosen at enrollment, this increases the security greatly, while remembering the images remains much easier than remembering a password, since people memorize and remember by association. Each person has his or her own personal unique association, which makes this a natural approach to a stronger, more effective security system.

It is helpful to note that the technology and embodiments have flexibility in this aspect, and that the choice of these parameters can be adjusted, not only from one application to another, but if desired, from one transaction to another. For example, if in an embodiment a user has chosen seven items at enrollment, he/she may be asked to select only four items to unlock the phone interface, but when logging into a bank account, he/she may be asked to enter all seven items. In an alternative embodiment, the user may be requested to select 12 items instead of 7. This means that the technology can be adjusted “on the fly” to accommodate varying security levels for different embodiments.
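The verification flow described above, together with the adjustable parameters just discussed (how many favorites are required, whether the order matters, and a limit on failed attempts), can be written down as a small server-side check. The Python below is an added illustration and is not the application's own code: it builds one verification screen from an enrolled set of favorites and a pool of decoys, checks a submitted selection under a given policy, locks the session after too many failures, and counts how many selections a blind guesser would face on one screen. `random.Random(seed)` stands in for the application's non-deterministic hardware generator so the example is reproducible; the image names, policy values and class names are constructed for this example.

```python
import math
import random
from dataclasses import dataclass


@dataclass
class Policy:
    required: int        # favourites the user must pick on this screen
    ordered: bool        # must they be picked in the order chosen at enrollment?
    max_attempts: int    # failed attempts allowed before the session locks


@dataclass
class Challenge:
    shown: list          # image ids in the shuffled order displayed to the user
    expected: list       # favourites present on this screen, in enrollment order


def build_challenge(favorites, decoy_pool, policy, rng, n_shown=12):
    """Pick policy.required favourites, pad the screen with decoys that are not
    favourites, and shuffle the display order with rng (hardware RNG in practice)."""
    if not 0 < policy.required <= len(favorites):
        raise ValueError("policy asks for more favourites than were enrolled")
    idx = sorted(rng.sample(range(len(favorites)), policy.required))
    expected = [favorites[i] for i in idx]          # enrollment order preserved
    pool = [d for d in decoy_pool if d not in favorites]
    shown = expected + rng.sample(pool, n_shown - policy.required)
    rng.shuffle(shown)
    return Challenge(shown=shown, expected=expected)


def verify_selection(selection, challenge, policy):
    """True only if the user picked exactly the favourites on this screen,
    and in enrollment order when the policy demands it."""
    selection = list(selection)
    if len(selection) != policy.required or len(set(selection)) != len(selection):
        return False
    if any(s not in challenge.shown for s in selection):
        return False
    if policy.ordered:
        return selection == challenge.expected
    return set(selection) == set(challenge.expected)


class LoginSession:
    """One login sequence: a fresh randomised screen per try, and a lock once
    max_attempts have failed (the attempt limit the text mentions)."""

    def __init__(self, favorites, decoy_pool, policy, rng):
        self.favorites, self.decoys, self.policy, self.rng = favorites, decoy_pool, policy, rng
        self.failed = 0
        self.locked = False
        self.challenge = None

    def new_challenge(self):
        self.challenge = build_challenge(self.favorites, self.decoys, self.policy, self.rng)
        return self.challenge

    def submit(self, selection):
        if self.locked or self.challenge is None:
            return False
        ok = verify_selection(selection, self.challenge, self.policy)
        if not ok:
            self.failed += 1
            self.locked = self.failed >= self.policy.max_attempts
            self.new_challenge()                    # start over with a new screen
        return ok


def guess_space(n_shown, required, ordered):
    """Distinct selections a blind guesser faces on one screen of n_shown images."""
    return math.perm(n_shown, required) if ordered else math.comb(n_shown, required)


# Constructed sample data: seven enrolled favourites (several borrowed from the
# items named in FIGS. 12-13) and a pool of decoy images.
FAVORITES = ["elephant", "car", "cycling", "tennis", "skiing", "violin", "paris"]
DECOYS = ["giraffe", "bus", "rowing", "golf", "surfing", "piano", "rome",
          "lion", "train", "boxing", "chess", "drum", "tokyo", "zebra", "bike"]
UNLOCK_PHONE = Policy(required=4, ordered=False, max_attempts=3)   # 4 of 7, any order
BANK_LOGIN = Policy(required=7, ordered=True, max_attempts=3)      # all 7, in order

if __name__ == "__main__":
    session = LoginSession(FAVORITES, DECOYS, UNLOCK_PHONE, random.Random(7))
    screen = session.new_challenge()
    print("screen:", screen.shown)
    print("accepted:", session.submit(screen.expected))
    print("blind guesses, 4 of 12 unordered:", guess_space(12, 4, False))
    print("blind guesses, 7 of 12 ordered:", guess_space(12, 7, True))
```

Because the expected favourites are never sent to the client, the check has to run on the service provider side; the client only returns which displayed image ids were touched. `guess_space` counts the work of a guesser who cannot see the images at all, which is the situation the noise and reordering techniques aim to put malware in.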

In addition, as explained in a previous section, the use of images, plus the application of image processing and a non-deterministic random number generator, makes the UI and the system secure against sophisticated malware and hacking methods. The images shown in the UI diagrams above can be reordered, and the options offered can be changed using the non-deterministic random numbers on every screen during enrollment and verification. This removes the possibility of malware or onlookers recognizing patterns in what is being presented to the user, or following the user's behavior. As explained above, to address security, the images themselves are modified to prevent sophisticated malware running in the background from recognizing the images directly by means of computational pattern recognition. This can be accomplished by again using the non-deterministic random number generator to produce unpredictable parameters for the algorithms that modify the images using special types of noise, or applying rotation or translation to change the orientation or position of the image on the screen, or distorting the images slightly to change their shape. In fact, all of the above modifications can be applied simultaneously, randomly to each image, differently on every step in the enrollment or verification process, each time it is used. The same can be done to the text on the screen in order to make it unreadable by malware as well, if needed. Because the human eye/brain system is so highly adept at recognizing images, these modifications to the images can be made so that it is extremely difficult for sophisticated malware to recognize what is happening on the device, without spoiling the human user's experience.

As stated above, the UI design presented here is an example of how embodiments can be implemented. There are other UI embodiments that use visual images for login and entry of information in a non-digital or non-ASCII format. The intent is to highlight the main components that make up this system, while showing flexibility. The exact layout and features of the UI are up to the designer of the product or system which uses the technology. Depending on the details of the device, the application and the security requirements, the user interface may be configured very differently. On some systems, it may be best to guide users through a series of separate screens instead of scrolling. If scrolling is preferred, it can be done in one or two dimensions on the screen, or perhaps using scroll wheels, similar to those used in the Apple iPhone's date and time settings. In some cases, more category options, or subcategory options, may be useful. During the verification process, if preferred, the items can be categorized, similar to the example for enrollment, and it may be desirable to have all the choices displayed on a single screen, rather than offering more items to choose via scrolling, in which case the categories could be panelized on the screen.

The choice of the images used is also to be considered. Simple binary images, such as those shown in the example of an embodiment, may be used in some embodiments. Full-color images could be used as well, depending on what sort of image processing is preferred for security enhancements. The shape and size of the images are flexible as well. The images chosen could even be opened up to the user by providing a large database of downloadable images, similar to the wide array of ringtones now available for cell phones. There may be some restrictions on the properties of the images used, however, again depending on the specifics of the security needs, the device, and the user interface design, but overall, it is extremely flexible.

Security Advantages

Given the dangers posed by malware, it is essential that recipients ofinternet dataflow in a transaction can be assured that the sender ishuman and the recipient (on the server side) is the actual institution(e.g., a bank) and not malware posing as a bank. The solution ensures alive human is reading, entering and broadcasting information. A GUIbased on special processed images renders messages that are “unreadable”by machines or automated processes. This robust security solution is webserver driven making it usable by personal computers, mobile devices andany device with a visual interface. Before describing the interface andGUI, we discuss some security advantages.

Unpredictability

On the web server, the system uses one or more hardware devices that utilize fundamental laws of physics to generate non-deterministic random numbers. This is in contrast to the use of pseudo-random number generators in RSA SecurID, for example, which are based on deterministic algorithms. These unpredictable numbers are used for three major purposes:

Unpredictable numbers are used to unpredictably place images on thescreen.

Unpredictable numbers are used to unpredictably change the image shape.

Unpredictable numbers are used to add unpredictable noise to images.

Given this unpredictability at multiple sites, the sequence of imagesused for a login/authentication cannot be reproduced by a digitalcomputer program because the numbers are not generated by adeterministic algorithm (i.e., a digital computer program). Instead,quantum devices are used. In some embodiments, the quantum devicesutilize one or more photons being emitted from a device and generating arandom 0 or 1 based on the time at which the photon is emitted.

A well-designed quantum device generates numbers with the following two quantum-random properties: there is no bias, and history has no effect on the next event.

There is no bias: A single outcome $x_k$ of a bit sequence $(x_1 x_2 \ldots)$ generated by quantum randomness is unbiased: $P(x_k = 1) = P(x_k = 0) = \tfrac{1}{2}$.

History has no effect on the next event: Each outcome $x_k$ is independent of the history. No correlation exists between previous or future outcomes. For each $b_j \in \{0, 1\}$, $P(x_k = 1 \mid x_1 = b_1, \ldots, x_{k-1} = b_{k-1}) = \tfrac{1}{2}$ and $P(x_k = 0 \mid x_1 = b_1, \ldots, x_{k-1} = b_{k-1}) = \tfrac{1}{2}$.

Let $\Pi = \{(b_1 b_2 \ldots) : b_k \in \{0, 1\}\}$ be the space of infinite sequences of 0's and 1's representing infinite quantum random bit sequences. It can be shown that if a quantum device producing the quantum randomness runs under ideal conditions to infinity, then the resulting infinite sequence of 0's and 1's (i.e., a sequence in $\Pi$) is incomputable. In other words, no digital computer program (i.e., deterministic algorithm) can reproduce this infinite sequence of 0's and 1's. This incomputability of quantum random sequences is a useful property of non-deterministic random numbers. The resulting unpredictability incorporated into the image generation and manipulation in the system can make the recognition of the visual images a difficult artificial intelligence (AI) problem for machines. This unpredictability can be applied in the noise generation that is used to make visual images more difficult for machine algorithms to recognize.

In an embodiment, a hardware device, as shown in FIG. 17, detects thepolarization of photons and uses this detection to determine a quantumrandom 0 or 1. In an embodiment, the hardware detector uses linearlypolarized photons (light). In an embodiment, the hardware detector usescircularly polarized photons (light). In an embodiment, a quantum random0 or 1 is generated by the detection of a single photon. In analternative embodiment, a quantum random 0 or 1 is generated by thedetection of more than one photon.

In an embodiment, as shown in FIG. 18, a quantum random 0 or 1 is generated based on the relative timing of quantum events 0, 1 and 2. In FIG. 18, T₁ is the time elapsed between quantum event 0 and quantum event 1; T₂ is the time elapsed between quantum event 1 and quantum event 2. In an embodiment, if elapsed time T₁ is greater than elapsed time T₂ then a quantum random 1 is generated; if elapsed time T₁ is less than elapsed time T₂ then a quantum random 0 is generated. In an alternative embodiment, if elapsed time T₁ is greater than elapsed time T₂ then a quantum random 0 is generated; if elapsed time T₁ is less than elapsed time T₂ then a quantum random 1 is generated. In an embodiment, events 0, 1, and 2 are the result of detecting a photon. In another embodiment, events 0, 1 and 2 are the result of detecting a photon that is horizontally polarized.

In an embodiment, the detection of a photon may occur in a semiconductorchip as shown in FIG. 16.
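The following is an added example, written for this page and not the patent's own code: it derives bits from the relative timing of detection events as in FIG. 18 and then checks a bit stream against the two properties stated above (no bias, and no effect of history on the next event). It assumes disjoint event triples and that equal intervals are discarded, neither of which the text specifies; simulated Poisson arrival times stand in for the photon detector.

```python
"""Added example, not the patent's code: bits from the relative timing of
detection events (FIG. 18) and an empirical check of the two properties
stated above, no bias and no dependence on history."""
import random


def bits_from_event_times(times):
    """Consume events in disjoint triples (0, 1, 2), (3, 4, 5), ...:
    T1 = t1 - t0 and T2 = t2 - t1; T1 > T2 yields 1, T1 < T2 yields 0.
    Disjoint triples keep successive bits from sharing an interval
    (an assumption of this example; the text describes one triple).
    Equal intervals carry no information and are skipped (also assumed)."""
    bits = []
    for i in range(0, len(times) - 2, 3):
        t1 = times[i + 1] - times[i]
        t2 = times[i + 2] - times[i + 1]
        if t1 > t2:
            bits.append(1)
        elif t1 < t2:
            bits.append(0)
    return bits


def bias_and_history(bits):
    """Return (P(x_k = 1), P(x_k = 1 | x_{k-1} = 0), P(x_k = 1 | x_{k-1} = 1))
    estimated from the stream; an ideal source gives 1/2 for all three."""
    p1 = sum(bits) / len(bits)
    seen = {0: 0, 1: 0}        # how often each value occurred as x_{k-1}
    ones_after = {0: 0, 1: 0}  # how often a 1 followed it
    for prev, cur in zip(bits, bits[1:]):
        seen[prev] += 1
        ones_after[prev] += cur
    # A value that never occurs as x_{k-1} gives NaN, which fails the check.
    cond = [ones_after[b] / seen[b] if seen[b] else float("nan") for b in (0, 1)]
    return p1, cond[0], cond[1]


def health_check(bits, tolerance=0.05):
    """True when the bias and both lag-1 conditional probabilities lie within
    `tolerance` of 1/2. A simple health test of this example's own design,
    not one the patent specifies; a stream that fails should not be used."""
    return all(abs(p - 0.5) <= tolerance for p in bias_and_history(bits))


def simulated_event_times(n, rng, rate=1.0):
    """Constructed stand-in for the photon detector: Poisson arrivals, i.e.
    exponential waiting times, for which P(T1 > T2) is exactly 1/2."""
    times, t = [], 0.0
    for _ in range(n):
        t += rng.expovariate(rate)
        times.append(t)
    return times


def demo(seed=1):
    """A seeded PRNG replaces the hardware source only to make the run
    reproducible; it is not a substitute for the quantum device."""
    good = bits_from_event_times(simulated_event_times(30000, random.Random(seed)))
    alternating = [0, 1] * 50  # unbiased overall, yet fully history-dependent
    return {"simulated": (health_check(good), bias_and_history(good)),
            "alternating": (health_check(alternating), bias_and_history(alternating))}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The alternating stream shows why the bias test alone is insufficient: it passes P(x_k = 1) = 1/2 but fails the history test, since every bit is determined by the one before it.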

Noise

As the number, scope and value of transactions being conducted via theInternet and through the use of mobile devices increases, so do theincentives for hackers to apply ever greater resources to their craft.At the same time, the available computing power that can be applied bymalware towards attacks of escalating sophistication is increasing.Smart phones today have unprecedented number crunching power; while thispower can be used to create clever security systems, it can also beharnessed by malware at any node in the communication path to whichmalware can gain access.

In embodiments, images help ensure that a human, not a machine, iscontrolling the transaction or the communication between the user andinstitution. This is based on the highly developed ability of humans torecognize images. Although machine vision is embryonic by comparisonwith the mature image recognition abilities of the human eye-braincombination, it is possible for machines to recognize images. In orderto provide robust security in anticipation of the possibility thatsophisticated malware may incorporate machine vision techniques toattack image-based security systems, proprietary methods were developedto counteract computational image recognition, and fully exploit innatehuman pattern recognition abilities.

One widely used approach to computational pattern recognition is thecorrelation operation. This is a direct point-by-point mathematical“comparison” of two functions that can be used not only to detect thepresence of a feature in an image, but to also find its locationaccurately. The continuous expression that describes the non-normalizedcorrelation operation C between two real, one-dimensional functions Aand B is:

C(t^(′)) = A(t) ⊙ B(t) = ∫_(−∞)^(+∞)A(t + t^(′))B(t) t

The ⊚ operator represents the correlation operation. In discrete form,as implemented in a digital computer, the correlation can be written as:

${C\left( t^{\prime} \right)} = {\sum\limits_{t}\; {{A\left( {t + t^{\prime}} \right)}{B(t)}}}$

This can be extended to two dimensions for use with images as:

${C\left( {x^{\prime},y^{\prime}} \right)} = {\sum\limits_{y}\; {\sum\limits_{x}\; {{A\left( {{x + x^{\prime}},{y + y^{\prime}}} \right)}{B\left( {x,y} \right)}}}}$

It can be further extended to be used with two dimensional images, aswell as finding the rotational orientation of one image with respect tothe other as:

${C\left( {x^{\prime},y^{\prime},\theta} \right)} = {\sum\limits_{\theta}\; {\sum\limits_{y}\; {\sum\limits_{x}\; {\left\lbrack {{R(\theta)}{A\left( {{x + x^{\prime}},{y + y^{\prime}}} \right)}} \right\rbrack {B\left( {x,y} \right)}}}}}$

R is a rotation operator applied to A.

One reason the correlation operation is so powerful and widely used isthat the calculation of the correlation function can be done efficientlyusing a fast Fourier transform (FFT). Performing the correlationoperation directly, point-by-point, can be done very rapidly with moderncomputers for small images, but the computational complexity increasesas N², where N is the number of data points in the image being crosscorrelated (for images of equal size). However, the correlationoperation can be calculated using FFTs as follows:

A⊚B=IFFT((FFT(A))×(FFT(B)))

Here, A and B are the two image arrays and “IFFT” represents the inverseFFT operation. This computation scales with image size much more slowlyand increases as N*log(N). In addition, since the FFT is so widely usedfor many data processing tasks, and FFTs are a common component of mostfloating-point benchmark tests for processors, many modern processorsare designed with FFTs in mind and some are even optimized forperforming FFTs. Therefore, for sufficiently large images, the use ofFFTs to compare images is efficient. However, as the complexity of thecorrelation increases, for example if rotation is added, thecomputational load increases quickly, making computational patternrecognition more difficult.

If the images are small enough, the use of FFTs for doing correlationswill become inefficient compared with direct correlation because of theextra computations needed to perform the forward FFTs and the inverseFFT. However, image recognition using correlation operations can beextremely effective with the power of modern computers and the choice ofdirect correlation or the alternate use of FFTs to calculate thecorrelation function (depending on image size).

It is important that the system be resistant to hacking through the useof correlation operations, and other computational pattern recognitiontechniques. Consequently, techniques can be applied to images to disruptthe use of correlation operations that either recognize images or locatefeatures within an image, yet the image remains fully recognizable by aliving human observer.

One of these techniques is the processing of the image using aspecialized noise structure to create a “noise modified image.” Thereare several different noise structures that can use thenon-deterministic random numbers generated by quantum physics-basedhardware. Having various noise structures further enhances the securityof the technique because the type of noise used to modify the image canbe varied.

An example of using the noise structure is demonstrated in FIGS. 14 and15 below. In the binarized (black or white pixels only) image in FIG. 14a, both the presence and exact locations of the letter p are found inthe word apple using a correlation operation. When the “noise modifiedimage” is correlated with an exact copy of the letters used in the baseimage, the result is unintelligible noise as shown in FIG. 15 c.

FIGS. 14 a, 14 b and 14 c show the use of the correlation operation to detect and find the locations of features in an image. FIG. 14 a shows an image containing the word “apple” in a handwritten style font. FIG. 14 b shows an image of the letter “p” in the same font used in the image. FIG. 14 c shows the correlation function image showing the detection of the presence, and exact locations, of the letter “p” in the image in FIG. 14 a, indicated by the bright peaks in FIG. 14 c.

FIGS. 15 a, 15 b and 15 c show the addition of special types of noise todefeat the use of the correlation operation to find features in animage. FIG. 15 a shows an image containing the same word “apple” in thehandwritten style font from FIG. 14 a but with a special type of noiseadded that enhances the contrast of the noise over the letters versusthe background, where the noise contrast is reduced.

FIG. 15 b shows the raw image of the letter “p” in the same font used inthe original image before the noise is added.

FIG. 15 c shows the correlation function image, which is unintelligible, indicating the inability to detect the presence or locations of the letter “p” in the image in FIG. 15 a.

In addition to the various noise structures that can be used, otherrandomized mathematical transformations can be applied to the images tomake them even more difficult for machine algorithms to hack. Thesetransformations include (1) translation, as in the figures above withthe letters in the word “apple” being shifted up and down randomly; (2)rotation; (3) various types of morphing, including size and aspect ratiochanges as well as both linear and non-linear geometric distortion. Allof these transformations can be based on the non-deterministic randomnumber generator for maximum security. Several of these differentmodifications can all be applied to a single image simultaneously,making recognition by a machine nearly impossible. Again, the image ofthe word “apple” in FIG. 15 a is an example. Here, the letters aredistorted slightly in shape and size, their positions are randomlyaltered, and the noise structure is applied.
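As an added illustration of the discrete two-dimensional correlation above and of the noise-modified image of FIGS. 14 and 15 (example code written for this page, not the patent's implementation): a small binary “p a p” image is built from constructed glyphs, the letter “p” is located by direct correlation, and then random vertical translation plus two-level noise (strong over the letters, weak over the background) is applied and the correlation at the true positions drops from the full match of 8 to 5. A seeded PRNG stands in for the hardware non-deterministic source, and the direct sum is used rather than the FFT form because the images are tiny.

```python
"""Added example (not the patent's code): direct 2-D correlation from the
discrete formula above, first locating a letter in a clean binary image,
then losing it once the image is translated and noise-modified."""
import random

# Constructed 5x3 binary glyphs standing in for the handwritten font.
GLYPH_P = [[1, 1, 0], [1, 0, 1], [1, 1, 0], [1, 0, 0], [1, 0, 0]]
GLYPH_A = [[0, 1, 1], [1, 0, 1], [1, 0, 1], [0, 1, 1], [0, 0, 0]]
HEIGHT, WIDTH = 9, 20
# (glyph, top row, left column) for the word rendered as "p a p"; glyphs are
# separated by three blank columns so no 3-wide window touches two glyphs.
WORD = [(GLYPH_P, 2, 2), (GLYPH_A, 2, 8), (GLYPH_P, 2, 14)]


def stamp(image, glyph, top, left):
    """Write the glyph's ones into image at (top, left)."""
    for dy, row in enumerate(glyph):
        for dx, v in enumerate(row):
            if v:
                image[top + dy][left + dx] = 1


def render_word(word=WORD):
    """Clean image: every glyph at its nominal position, no noise."""
    image = [[0] * WIDTH for _ in range(HEIGHT)]
    for glyph, top, left in word:
        stamp(image, glyph, top, left)
    return image


def correlate2d(a, b):
    """C(x', y') = sum_y sum_x A(x + x', y + y') B(x, y), computed directly;
    rows are y, columns are x, and only windows fully inside A are evaluated."""
    bh, bw = len(b), len(b[0])
    return [[sum(a[yp + y][xp + x] * b[y][x]
                 for y in range(bh) for x in range(bw))
             for xp in range(len(a[0]) - bw + 1)]
            for yp in range(len(a) - bh + 1)]


def exact_matches(c, template):
    """Offsets whose correlation equals the template's own pixel count, i.e.
    every one in the template is matched: an exact hit for a binary image."""
    full = sum(map(sum, template))
    return {(yp, xp) for yp, row in enumerate(c)
            for xp, v in enumerate(row) if v == full}


def noise_modified(rng, word=WORD, knock_out=3, background_rate=0.1):
    """Translation plus structured noise, as described for FIG. 15 a: each
    glyph is shifted one row up or down, strong noise removes `knock_out`
    pixels from every glyph, and weaker noise sprinkles ones over the
    background. Returns the image and the glyphs' shifted positions.
    `rng` stands in for the hardware non-deterministic generator."""
    image = [[0] * WIDTH for _ in range(HEIGHT)]
    shifted = []
    for glyph, top, left in word:
        top += rng.choice([-1, 1])  # random vertical translation
        stamp(image, glyph, top, left)
        shifted.append((top, left))
    letter_pixels = {(y, x) for y in range(HEIGHT) for x in range(WIDTH)
                     if image[y][x]}
    # High-contrast noise over the letters: drop knock_out pixels per glyph.
    for (glyph, _, _), (top, left) in zip(word, shifted):
        pixels = [(top + dy, left + dx) for dy, row in enumerate(glyph)
                  for dx, v in enumerate(row) if v]
        for y, x in rng.sample(pixels, knock_out):
            image[y][x] = 0
    # Low-contrast noise over the background only (never over letter pixels,
    # so the correlation at a glyph's true position is exactly the number of
    # letter pixels that survived the knock-out).
    for y in range(HEIGHT):
        for x in range(WIDTH):
            if (y, x) not in letter_pixels and rng.random() < background_rate:
                image[y][x] = 1
    return image, shifted


def demo(seed=7):
    """Run both cases; the seed only makes the example reproducible."""
    clean = render_word()
    clean_hits = exact_matches(correlate2d(clean, GLYPH_P), GLYPH_P)
    noisy, shifted = noise_modified(random.Random(seed))
    c_noisy = correlate2d(noisy, GLYPH_P)
    p_positions = [pos for (g, _, _), pos in zip(WORD, shifted) if g is GLYPH_P]
    return {"clean_hits": clean_hits,
            "noisy_hits": exact_matches(c_noisy, GLYPH_P),
            "correlation_at_true_positions": [c_noisy[y][x] for y, x in p_positions],
            "shifted_p_positions": p_positions}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

If the FFT route of the equation above is used for larger images, the spectrum of B must be complex-conjugated before the product, which is what makes the result a correlation rather than a convolution of A and B.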

These noise methods may be applied to number images (e.g., images of thenumbers 0, 1, 2, 3, 4, 5, 6, 7, 8 or 9), images of animals, images ofsports items, face images, and other images of favorites.

In some embodiments, security solutions are provided for securetransactions against untrusted browser attacks and other cyberattacks.In some embodiments, the solution(s) described in the specificationsecure payment transactions. In other embodiments, the solution(s) maysecure access and use of private networks such as Secret InternetProtocol Router Network (SIPRnet) or resources on a publicinfrastructure such as the electrical grid.

The System

FIG. 1A shows an embodiment of a system 100 for providing securetransactions. In an embodiment, system 100 may include user system 101,and user system 101 may include secure area 102, secure memory system104, secure processor system 106, output system 108, input system 110,sensor 111, communication system 112, memory system 114, processorsystem 116, input/output system 118, operating system 120, and networkinterface 122. System 100 may also include network 124 and serviceprovider system 126. In other embodiments, system 100 may not have allof the elements or features listed and/or may have other elements orfeatures instead of, or in addition to, those listed.

System 100 is a system within which a secure transaction takes place (FIGS. 1A, 1B, 2A, 2B, 3, 3A, and 3B describe various details of system 100 and various methods for using system 100). In this specification the word system refers to any device or system of devices that communicate with one another. User system 101 is one that has a secure area that is dedicated for performing secure transactions over a network. User system 101 may be a single device or a combination of multiple devices. User system 101 may be a portable device, personal computer, laptop, tablet computer, handheld computer, mobile phone, or other network system, for example (in this specification a network system is any device or system that is capable of sending and/or receiving communications via a network). In an embodiment, a secure area 102 may be provided for performing secure transactions. In this specification, authentication information refers to any form of information used for authenticating a user. In an embodiment, within secure area 102, authentication information, such as a biometric authentication and/or another form of authentication, is bound to the authorization of an action. In other words, the authentication information is in some way combined with the information for performing the action, such as by being concatenated together and then applying a hash function to the result of the concatenation. In this specification, the words “action” and “transaction” may be switched one with another to obtain different embodiments. Throughout this specification, whenever information is disclosed as being combined, the information may be concatenated, added together (e.g., in a binary addition of the binary values of information), be different inputs to the same function, and/or combined in another manner.

A hash function, denoted by Φ, is a function that accepts as its inputargument an arbitrarily long string of bits (or bytes) and produces afixed-size output. In other words, a hash function maps a variablelength message m to a fixed-sized output, Φ(m). Typical output sizesrange from 160 bits, 256 bits, 512 bits, or can also be substantiallylarger.

An ideal hash function is a function Φ whose output is uniformly distributed in the following way: Suppose the output size of Φ is n bits. If the message m is chosen randomly, then for each of the 2^(n) possible outputs z, the probability that Φ(m)=z is 2^(−n). In an embodiment, the hash functions that are used are one-way. A one-way function Φ has the property that given an output value z, it is computationally extremely difficult to find a message m_(z) such that Φ(m_(z))=z. In other words, a one-way function Φ is a function that can be easily computed, but whose inverse Φ⁻¹ is extremely difficult to compute. Other types of one-way functions may be used in place of a hash function.

Any of a number of hash functions may be used. One possible hash function is SHA-1, designed by the National Security Agency and standardized by NIST. The output size of SHA-1 is 160 bits. Other alternative hash functions are of the type that conform with the standard SHA-256, which produces output values of 256 bits, and SHA-512, which produces output values of 512 bits. A hash function could be one of the SHA-3 candidates. A candidate example of a hash function is BLAKE. Another example of a hash function is Grøstl. Another example of a hash function is JH. Another example of a hash function is Keccak. Another example of a hash function is Skein.

In an embodiment, secure area 102 may have its own secure processorsystem and secure memory system, which are not accessible by the rest ofuser system 101. Secure area 102 may be capable of taking over and/orblocking access to other parts of user system 101.

Secure memory system 104 may be a dedicated memory for securing transactions. In an embodiment, secure memory system 104 may not be accessed by the other processor systems of user system 101. Memory system 104 may include, for example, any one of, some of, any combination of, or all of a long-term storage system, such as a hard drive; a short-term storage system, such as random access memory; a removable storage system, such as a floppy drive or a removable drive; and/or flash memory. Memory system 104 may include one or more machine-readable mediums that may store a variety of different types of information. Secure memory system 104 may store methods and information needed to perform the secure transaction, user information, a method of generating a registration key, and encryption/decryption code. Secure memory system 104 may include one or more memory units that each write and/or read to one or more machine readable media. The term machine-readable medium is used to refer to any non-transient medium capable of carrying information that is readable by a machine. One example of a machine-readable medium is a computer-readable medium. Another example of a machine-readable medium is paper having holes that are detected that trigger different mechanical, electrical, and/or logic responses. The content of secure memory 104 is discussed further in FIG. 1B, below.

Secure processor system 106 may include one or more processors.Processor system 116 may include any one of, some of, any combinationof, or all of multiple parallel processors, a single processor, a systemof processors having one or more central processors and/or one or morespecialized processors dedicated to specific tasks. Processor system 116implements the machine instructions stored in memory 114. Secureprocessor system 106 may include one or more processors that cannot beaccessed by the main processor of the user system 101. For example, inan embodiment all of the processors of secure processor system 106cannot be accessed by the main processor of system 101. In anembodiment, the operating system of user system 101 may have no accessto secure area 102, and in an embodiment, secure area 102 may beprogrammed without benefit of an operating system, so that there is nostandard manner of programming secure area 102, which thwarts hackersfrom sending read and/or write commands (or any other commands) tosecure area 102, because secure area does not use standard read andwrite commands (and does not use any other standard commands). As aconsequence, providing secure area 102 addresses the weakness ofbiometric authentication and other authentication methods.

Output system 108 may include any one of, some of, any combination of,or all of a monitor system, a handheld display system, a printer system,a speaker system, a connection or interface system to a sound system, aninterface system to peripheral devices and/or a connection and/orinterface system to a computer system, intranet, and/or internet, forexample. In an embodiment, secure processor system 106 may be capable oftaking over and using any portion of and/or all of output system 108. Inan embodiment, a portion of the output system may be a dedicated displaysystem that may be accessed only by secure area 102. In an embodiment,secure processor 106 may be capable of receiving input from input system110 and/or blocking access to output system 108 by the main processorsystem and/or other devices.

Input system 110 may include any one of, some of, any combination of, or all of a biometric sensor 111, a keyboard system, a touch sensitive screen, a tablet pen, a stylus, a mouse system, a track ball system, a track pad system, buttons on a handheld system, a scanner system, a microphone system, a connection to a sound system, and/or a connection and/or interface system to a computer system, intranet, and/or internet (e.g. IrDA, USB). In an embodiment, biometric sensor 111 may be a fingerprint scanner or a retinal scanner. In an embodiment, user system 101 stores the processed data from user information 104B during registration. In an embodiment user system 101 retrieves user information 104B and compares the scanned output of sensor 111 to user information 104B to authenticate a user. In an embodiment secure processor 106 may be capable of receiving input from input system 110 and/or blocking access to input system 110 by the main processor system and/or other devices. In at least one embodiment, processor 116 may capture pressure (e.g., pressing fingers) events on a touch sensitive screen or a mouse clicking corresponding to something of interest (e.g., a visual image) on a PC display. FIG. 5 shows images of part of an icon, the word “NAME” and the letters of the alphabet “ABCDEFGHIJKLMNOPQRSTUVWXYZ”.

Communication system 112 communicatively links output system 108, inputsystem 110, memory system 114, processor system 116, and/or input/outputsystem 118 to each other. Communications system 112 may include any oneof, some of, any combination of, or all of electrical cables, fiberoptic cables, and/or means of sending signals through air or water (e.g.wireless communications), or the like. Some examples of means of sendingsignals through air and/or water include systems for transmittingelectromagnetic waves such as infrared and/or radio waves and/or systemsfor sending sound waves.

Memory system 114 may include, for example, any one of, some of, any combination of, or all of a long-term storage system, such as a hard drive; a short-term storage system, such as random access memory; a removable storage system, such as a floppy drive or a removable drive; and/or flash memory. Memory system 114 may include one or more machine-readable mediums that may store a variety of different types of information. Memory system 114 and memory system 104 may use the same type of memory units and/or machine readable media. Memory system 114 may also store the operating system of user system 101 and/or a web browser (which may also be referred to as an HTTP client). In an embodiment, memory system 114 may also store instructions for input system 110 to read in biometric data and send the biometric data to secure area 102.

Processor system 116 may include one or more processors. Processorsystem 116 may include any one of, some of, any combination of, or allof multiple parallel processors, a single processor, a system ofprocessors having one or more central processors and/or one or morespecialized processors dedicated to specific tasks. Processor system 116implements the machine instructions stored in memory 114. In anembodiment, processor 116 does not have access to secure area 102. In atleast one embodiment, processor 116 may capture pressure (e.g., pressingfingers) events on a touch sensitive screen or a mouse clickingcorresponding to something of interest (e.g., a visual image) on a PCdisplay.

In an embodiment, clicking on the red letter “R” (e.g., via image entry179 in FIG. 1B) shown at the bottom of the FIG. 6 would have a similareffect to typing the letter “R” on the keyboard but would make it moredifficult for malware to know what the user is entering.

In an alternative embodiment, processor 116 only communicates to secure area 102 when secure area 102 authorizes processor 116 to communicate with secure area 102. Secure area 102 may prevent processor 116 from communicating to secure area 102 during the secure area's execution of critical operations such as setup, generation of keys, registration key, biometric authentication or decryption of transaction information.

Input/output system 118 may include devices that have the dual functionas input and output devices. For example, input/output system 118 mayinclude one or more touch sensitive screens, which display an image andtherefore are an output device and accept input when the screens arepressed by a finger or stylus, for example. In at least one embodiment,the user may see visual images of letters on a screen as shown in FIG.5. In FIG. 5, pressing a finger over the letter “B” shown just below theword NAME would indicate typing or entering the letter “B”.

The touch sensitive screen may be sensitive to heat and/or pressure. Oneor more of the input/output devices may be sensitive to a voltage orcurrent produced by a stylus, for example. Input/output system 118 isoptional, and may be used in addition to or in place of output system108 and/or input device 110. In an embodiment, a portion of theinput/output system 118 may be dedicated to secure transactionsproviding access only to secure area 102. In an embodiment, secureprocessor 106 may be capable of receiving/sending input/output from/viainput system 110 and/or blocking access to input system 110 by the mainprocessor system and/or other devices. Restricting access to a portionof and/or all of the input/output system 118 denies access to thirdparty systems trying to hijack the secure transaction.

Operating system 120 may be a set of machine instructions, stored inmemory system 110, to manage output system 108, input system 110, memorysystem 114, input/output system 118 and processor system 116. Operatingsystem 120 may not have access to secure area 102. Network interface 122may be an interface that connects user system 101 with the network.Network interface 122 may be part of input/output system 118.

Network 124 may be any network and/or combination of networks of devicesthat communicate with one another (e.g., and combination of theInternet, telephone networks, and/or mobile phone networks). Serviceprovider system 126 (which will be discussed further in conjunction withFIG. 2A) may receive the transactions. The recipient may be the finalrecipient or an intermediary recipient of transactions.

Service provider system 126 may be a financial institution or arecipient of a secure transaction. User system 101 may interact with anyof a variety of service provider systems, such as service providersystem 126, via a network 124, using a network interface 122. Serviceprovider system 126 may be a system of one or more computers or anotherelectronic device, and may be operated by a person that grants aparticular user access to its resources or enables a particular event(e.g., a financial transaction, a stock trade, or landing a plane at anairport, and so on).

Methods for securing transactions are disclosed in this specification, which may be implemented using system 100. A financial transaction may be an instance or embodiment of a transaction. Further, a stock trade is one embodiment of a financial transaction; a bank wire transfer is an embodiment of a financial transaction; and an online credit card payment is an embodiment of a financial transaction. Any operation(s) that runs in a trusted environment, which may be secure area 102, may be treated as a secure transaction. In an embodiment, every secure transaction may include one or more atomic operations, and the use of the word transaction is generic to both financial transactions and operations including atomic operations unless stated otherwise. In this specification, the word transaction is also generic to an individual or indivisible set of operations that must succeed or fail atomically (i.e., as a complete unit that cannot remain in an intermediate state). Operations that require security may include operations that make use of, or rely on, the confidentiality, integrity, authenticity, authority, and/or accountability of a system; such operations should be executed in a trusted environment (e.g., in a secure area, such as secure area 102). Types of operations that require security may be treated as secure transactions. Further, a successful transaction other than logging information alters a system (e.g., of service provider 126) from one known, good state to another, while a failed transaction does not. To be sure that a transaction results in a change of state only when the transaction is successful, particularly in systems that handle simultaneous actions, rollbacks, rollforwards, and deadlock handling mechanisms may be employed to assure atomicity and system state integrity, so that if there is an error in the transaction, the transaction does not take effect or does not cause an unacceptable state to occur.

In at least one embodiment, a secure transaction assures the following properties:

-   A. Availability: Having timely and reliable access to a transactional resource.
-   B. Confidentiality: Ensuring that transactional information is accessible only to those authorized to use the transactional information.
-   C. Integrity: Ensuring that transactional information is protected from unauthorized modification.
-   D. Authentication: Ensuring that transactional resources and users accessing the transactional resources are correctly labeled (identified).
-   E. Authorization: Ensuring that only authorized users have access rights to transactional resources.
-   F. Accounting: Ensuring that a transaction cannot be repudiated.

Any operation that handles or provides access to data deemed too sensitive for an untrusted environment (e.g., any private data) may be treated as a secure transaction to ensure that information leakage does not occur.

In at least one embodiment, these functionalities may be processed using a mobile phone. Some examples of a mobile phone are an Android phone, the iPhone and the Blackberry. In at least one embodiment, a secure chip or secure part of the chip may reside in a personal computer. In at least one embodiment involving a mobile phone or computer, a secure chip may be temporarily or permanently disconnected from the rest of the system so that the operating system 120 does not have access to critical information entered into and received (e.g., read or heard) from the secure area's user interface. In at least one embodiment, this critical information may be authentication information, such as a collection of images, biometric information, passwords, passcodes, PINs, other kinds of authentication factors, transaction information, and/or other user credentials.

In at least one embodiment in which user system 101 is a portable device, the portable device may have a user interface with a keyboard and mouse, or a display screen that is sensitive to the placement of fingers, which enables the user to select buttons, images, letters, numbers or symbols. In at least one embodiment, the screen may be used to select one or more images. As an example, FIG. 7 shows the choice of selecting “ACCEPT” or “ABORT” using images. The selection is captured by image entry 179 shown in FIG. 1B. At least one embodiment may enable the user to enter transaction information using this keyboard and mouse or the display screen.

Portable embodiments of user system 101 enable users to execute secure transactions in remote places such as inside a jet, on a golf course, inside a moving automobile, from a hotel room, in a satellite, at a military gate, and/or other isolated places.

In at least one embodiment, a person may be requested to choose their favorite food, and he or she may select an apple image, via the user interface, as user verification. In another instance at a later time, a transaction may require a person to select one or more images (i.e., a collection of images) from a display screen. Example images could be a picture or photo of an orange, a train, a specific pattern such as a peace sign or a diagram or a logo, a Mercedes car, a house, a candle, the Golden Gate bridge or a pen.

FIG. 4 shows images of parts of a logo. FIG. 9 shows different texture images: horizontal, vertical, triangular, mixed, dotted, bubble, simplicial, and foliation. At the bottom of FIG. 8 is a geometric image of a blue rectangle on top of a blue triangle, which is on top of a red blob. Just to the right in FIG. 8 is a rectangle with vertical texture on top of a triangle with dotted texture on top of a blob with simplicial texture. FIG. 5 shows images of the alphabet letters “ABCDEFGHIJKLMNOPQRSTUVWXYZ”. In at least one embodiment, during setup the person may add his or her own images using image acquisition 173, which are then used for user verification during the transaction. When images are a part of the user verification process, a display screen may be used, which may call image display 177.

Although some embodiments of user system 101 below may be described as using collections of visual images as a user's universal identifier or as user authentication, other items or a combination of these items may be used for verifying the identity of the person, such as face prints, iris scans, finger veins, DNA, toe prints, palm prints, handprints, voice prints and/or footprints. Anywhere the expression “biometric prints” occurs, any of the specific types of biometrics listed above may be substituted to obtain specific embodiments. In terms of what a person knows, the authentication items may be PINs, passwords, sequences, collections of images that are easy to remember, and/or even psychometrics. In an embodiment, the item used to verify the person may be any item that is unique. In an embodiment, the item(s) used to verify the person may be one or more items that, as a combination, are difficult for malware to fabricate, guess, find by trial and error, and/or compute. In an embodiment, the item(s) used to verify the person are uniquely associated with this person. In an embodiment, the item used to verify the person has an unpredictable element.

In at least one embodiment, there is a secure area 102 that may be a specialized part of the chip (e.g., a microprocessor), where the operating system 120 and web browser software do not have access to this specialized part of the chip. In at least one embodiment, a specialized part of the chip may be able to turn off the operating system 120's access to presses of the buttons or a screen of a mobile phone (or other computing device), preventing malware and key or screen logging software from intercepting a PIN or the selection of an image. In at least one embodiment, a specialized part of the chip may be able to temporarily disconnect the rest of the chip's access to the screen (e.g., by preventing the execution of the operating system 120 and web browser). In at least one embodiment, part of the display screen may be permanently disconnected from the part of the chip (e.g., from the microprocessor of the chip) that executes the operating system 120 and web browser. In at least one embodiment, a part of the chip may alone have access to the biometric sensor, while the rest of the chip, executing the operating system 120 and web browser, is permanently disconnected from the biometric sensor.

In at least one embodiment, there is a secure area, such as secure area 102, that executes a biometric acquisition and/or storage of cryptography keys and other user credentials, which may be created from the biometric prints, created from unpredictable physical processes in secure area 102, or created from a combination of the biometric prints and unpredictable processes. In at least one embodiment, photons may be produced by the hardware as a part of the unpredictable process. In at least one embodiment, the unpredictable process may be produced by a specialized circuit in the secure area.

In yet another embodiment of the invention, biometric prints and/or unpredictable information from an unpredictable physical process are used to generate one or more keys in the secure area 102. The secure area 102 may include embedded software. In at least one embodiment, the embedded software is on a chip with a physical barrier around the chip to hinder reverse engineering of the chip, and/or hinder access to keys, transaction information, and/or possibly other user credentials.

By executing software from service provider system 126, the selection of visual images, using image entry 179, is less susceptible to theft, as the images can be displayed on the screen in a form that is not easily recognizable or captured by malware. Because they are difficult for malware to recognize or apprehend, they can be presented by image display 177 in a less secure part of the system, such as operating system 120 running a web browser. Each of the above embodiments may be used separately from one another or in combination with any of the other embodiments. All of the embodiments of this specification may be used together or separately.

Secure Area in a Device or a Chip

To provide additional security, some embodiments may use a secure area 102 that may be part of user system 101 or a special part of the chip that is able to acquire biometric prints, store authentication information, and/or authenticate the newly acquired items. The authentication information may include templates of biometric prints, images, PINs, and/or passwords. The secure area may also be a part of the device where critical transaction information may be entered or verified on a display that only the secure area has access to. In at least one embodiment, the host computer (domain) and the network have no access to the transaction information, no access to the keys, no access to biometrics, and/or no access to other critical user credentials (the transaction information, the keys, the biometrics, and/or other critical user credentials may be contained and processed by the secure area).

Payment Transaction Information

In this specification, transaction information refers to one or more items of information that describe the transaction. For a payment transaction, one item of transaction information may be the name of the person or entity sending the money. Another item of transaction information may be the name of the person or entity receiving the money. Another item of transaction information may be the date or time of day. Another item of transaction information may be the sending person's (or entity's) account number. Another item of transaction information may be the receiving person's (or entity's) bank account number. FIG. 10 shows a recipient account number 9568342710 with a collection of visual images.

The sending person or entity is the person or entity that sends a message that is part of the transaction, and the receiving person or entity (recipient) is the person or entity that receives the message that is part of the transaction. Another item of transaction information may be the sending person's (or entity's) routing number. Another item of transaction information may be the receiving person's (or entity's) routing number. Another item of transaction information may be the amount of money, which may be expressed in dollars, euros, yen, francs, deutschmarks, yuan or another currency.

Setup

During setup, one or more images may be acquired by using image acquisition 173 in user system 101. These one or more images may serve as a user's universal identifier or provide a method to authenticate the user. An example of one or more images that may serve as a universal identifier is shown in FIG. 11. In at least one embodiment, no images are stored in user system 101. In at least one embodiment, these images are acquired, encrypted by image encrypt/decrypt 175 and transmitted to service provider system 126. During setup, in at least one embodiment, a background texture generated by image generator 238 in service provider system 126 may be selected by the user. FIG. 9 shows some examples of textures.

In at least one embodiment, a symbol, letter, number and/or image texture may be selected or generated. As an example, FIG. 8 shows the word “SIMPLICIAL” written with a bubble texture on a simplicial background texture. In at least one embodiment, a unique icon or image may be chosen or generated by the user system 101 and/or the user and/or service provider system 126.

In at least one embodiment, the user verifies that a recognizable image, generated by image generator 238 and known only to the user and service provider system 126, appears on the user interface. FIG. 4 shows an example of different parts of a unique logo that may serve this purpose. The use of the recognizable image in different forms helps hinder malware from capturing important setup information and helps assure the user that he or she is communicating with the appropriate service provider system 126.

During setup, in at least one embodiment, some initial transaction information is provided to service provider system 126. This transaction information may include the user's name, the user's bank account number and bank. In at least one embodiment, some of this transaction information, provided via image entry 179 to service provider system 126, may be provided by using images (i.e., acquired with image acquisition 173) that are difficult for malware to capture or apprehend.

In at least one embodiment, during setup one or more biometric prints may be acquired, and one or more unique registration keys and cryptography keys may be generated from one or more of the biometric prints (items), generated from an unpredictable physical process, or both. In at least one embodiment, the unpredictable physical process may come from a hardware chip or hardware circuit that uses photons as a part of the unpredictable process to create the cryptography keys. During authentication, if the acquired biometric print is an acceptable match, then a sequence of transaction steps that make up the complete transaction may be initiated.

In embodiments using a secure area, the software that secure area 102 executes may be embedded in secure memory 104. In an embodiment, there is no operating system on the device or on secure area 102 of user system 101. In an alternative embodiment, there is an operating system. The secure biometric print device has a number of components, which are described later. The security of the secure area 102 may be enhanced by any one of, any combination of, or all of (1) the use of embedded software, (2) the lack of an operating system, and (3) the secure area being at least part of a self-contained device not connected to a computer or the internet. For example, the unit that includes the secure area may contain its own processor. In an embodiment, the secure area may not have any of these security enhancing features. The biometric sensor enables user system 101 to read biometric prints. The biometric sensor may include a fingerprint area sensor or a fingerprint sweep sensor, for example. In at least one embodiment, the biometric sensor may contain an optical sensor that may acquire one or more types of biometrics. In at least one embodiment, the biometric sensor may be a microphone or other kind of sensor that receives acoustic information, such as a person's voice. In at least one embodiment, the sensor may be a device that acquires DNA or RNA. In an embodiment, secure processor system 106 may execute the software instructions, such as acquiring a biometric print from the sensor, matching an acquired biometric print against a stored biometric print, sending communication and control commands to a display, and/or encrypting the registration key and transmitting the registration key to the administrator when the user and administrator are not in the same physical location. By including processor system 106 in secure area 102, the security is enhanced, because the external processor is given fewer chances to inspect the contents of secure area 102.
Alternatively, secure area 102 may store software instructions that are run by secure processor system 106. Processor system 106 performs the biometric print acquisition, and/or the encryption or decryption. Alternatively, a specialized logic circuit is built that carries out the functions that the software causes the processors to perform, such as driving sensor 111 (which may be an acquisition unit, such as a biometric sensor).

Secure memory system 104 may contain non-volatile memory in addition to volatile memory. Non-volatile memory enables the device to permanently store information for generating cryptography keys (encryption or decryption). In another embodiment, secure memory system 104 may include memory on secure processor system 106. In another embodiment, the sensor of input system 110 and secure processor system 106 may be integrated into a single chip. Alternatively, in another embodiment, the sensor in input system 110 and secure processor system 106 may be two separate chips.

Content of Memory in Secure Area

FIG. 1B shows an embodiment of a block diagram of the contents of memory system 104 of FIG. 1A. Memory system 104 may include instructions 152, which in turn may include a setup routine 154, an authentication of user routine 156, and a secure transaction routine 158, having an initial request routine 160, a service provider authentication routine 162, and a completion of transaction routine 164. Instructions 152 (of memory 104) may also include registration key generator 166, drivers 168, controller 169, generate cryptography key 170, perturb cryptography key 174, hash functions 178, perturbing functions 180, and user interface 181. Memory system 104 may also store data 182, which may include biometric template T 184, registration key R 186, current cryptography key K 188 and transaction information S 192. In other embodiments, memory system 104 may not have all of the elements or features listed and/or may have other elements or features instead of, or in addition to, those listed.

Instructions 152 may include machine instructions executed by processor 106. Setup routine 154 is a routine that handles the setting up of the user system 101, so that user system 101 may be used for performing secure transactions. Setup routine 154 may collect a new user's biometric print, and apply a hash function to the biometric print (and/or to other user information) to generate a registration key R. In at least one embodiment, there may be specialized hardware in the secure area to help create unpredictability used for the generation of cryptography key(s), seed(s), and/or registration key(s). Alternatively, a registration key, seed, or cryptography key may be generated by applying the hash function to the raw biometric print data, for example. Similarly, setup routine 154 may apply a hash function to authentication information, such as a biometric print, to hardware noise produced by a phototransistor, and/or to other user information, or to a combination of these, to generate an initial cryptography key. The setup routine 154 may also send the registration key and/or the cryptography key to the service provider system 126. In another embodiment, the registration key R and/or the initial cryptography key may be received from service provider system 126.

Authentication of user routine 156 may authenticate the user each time the user attempts to use user system 101. This routine may call image acquisition 173 to acquire a collection of images for user authentication. For example, user system 101 may include a biometric sensor (e.g., as sensor 111) that scans the user's biometric print, reduces the biometric print to a template, and matches the newly derived biometric template to a stored template (which was obtained by setup routine 154). Then, if the stored template and the newly derived template match, the user is allowed to use user system 101.

In an alternative embodiment, an acquired biometric print may be directly matched with a stored template. Alternatively or additionally, authentication of user routine 156 may require the user to enter a password. If the password received and the password stored match, the user is allowed to use user system 101.

Secure transaction routine 158 is a routine that implements the secure transaction. The initial request routine 160 is a first phase of secure transaction routine 158. One purpose of initial request routine 160 is to receive a selection of images known to the user, acting as a user authentication, that are difficult for malware to recognize or apprehend, together with transaction information entered and represented as images that are difficult for malware to recognize or apprehend. The transaction information is encrypted with the cryptography key. The encrypted transaction information and the encrypted user authentication, both represented as images before encryption, are sent to the service provider. During initial request routine 160, the cryptography key may be perturbed to obtain a new cryptography key. In an alternative embodiment, the cryptography key is not changed each time.

Service provider authentication routine 162 authenticates the information provided by the service provider. The collection of images, representing the user's universal identifier or user authentication, sent by service provider system 126 to user system 101 in reply to initial request routine 160 may be authenticated by service provider authentication routine 162.

Drivers 168 may include drivers for controlling input and output devices, such as the keyboard, a monitor, a pointing device (e.g., a mouse and/or a touch pad), and a biometric print sensor (for collecting biometric prints). Controller 169 may include one or more machine instructions for taking control of the keypad, monitor and/or network interface, so the transaction may be performed securely, without fear of the processor system 116 compromising security as a result of being taken over by malware sent from another machine.

Generate cryptography key 170 comprises machine instructions that generate a new cryptography key (e.g., by applying a function). In at least one embodiment, the cryptography key is not updated after the initial step. Perturb cryptography key 174 perturbs the current cryptography key to thereby generate the next cryptography key.

Image acquisition 173 comprises machine instructions that acquire images. Image encrypt/decrypt 175 comprises machine instructions that encrypt or decrypt one or more images. In at least one embodiment, these images are encrypted before being sent to service provider system 126. In at least one embodiment, encrypted images are received from service provider system 126 and decrypted by image encrypt/decrypt 175 before they are displayed to the user with image display 177. Image display 177 comprises machine instructions that display one or more images to the user, utilizing user interface 181. In at least one embodiment, images are displayed on a screen of a mobile phone or PC. Image entry 179 comprises machine instructions that determine which image a user has selected with his or her finger on a touch sensitive screen or has selected with a mouse.
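The image entry step above, as an added example that is not code from the specification. It shows how image entry can map a finger press to the image under it when the layout is re-randomized for every challenge, so that screen coordinates captured by a logger do not by themselves identify which image was chosen. The 240x320 screen, the 64-pixel square tiles, the image names, and the use of the operating system CSPRNG (secrets.randbelow) in place of the quantum randomness the specification mentions are all assumptions of this example.

```python
import secrets

SCREEN_W, SCREEN_H = 240, 320   # assumed portrait phone screen, in pixels
TILE = 64                       # assumed side of each square image tile


def random_layout(image_names, randbelow=secrets.randbelow):
    """Place each named image at a fresh random, non-overlapping position.

    Candidate positions form a grid of TILE-sized cells; cells are drawn
    without replacement so two images never overlap. randbelow(n) must
    return a uniform integer in [0, n); secrets.randbelow (OS CSPRNG)
    stands in for the quantum source described in the specification.
    Returns {name: (left, top)} in pixel coordinates.
    """
    cols, rows = SCREEN_W // TILE, SCREEN_H // TILE
    cells = [(c * TILE, r * TILE) for r in range(rows) for c in range(cols)]
    if len(image_names) > len(cells):
        raise ValueError("more images than grid cells")
    layout = {}
    for name in image_names:
        layout[name] = cells.pop(randbelow(len(cells)))
    return layout


def hit_test(layout, x, y):
    """Name of the image whose tile contains the press (x, y), else None."""
    for name, (left, top) in layout.items():
        if left <= x < left + TILE and top <= y < top + TILE:
            return name
    return None


def verify_selection(layout, presses, expected):
    """Image entry check for one challenge: the pressed tiles, in order,
    must name exactly the user's registered image sequence. A press on
    empty space yields None and therefore fails the comparison."""
    chosen = [hit_test(layout, x, y) for x, y in presses]
    return chosen == list(expected)


def images_seen_at(image_names, x, y, challenges=50,
                   randbelow=secrets.randbelow):
    """Which images one fixed press location selects over many independent
    challenges. With a randomized layout this is a set of several images
    (and None), so a logged coordinate alone does not reveal the selection;
    with a fixed layout it would always be the same single image."""
    return {hit_test(random_layout(image_names, randbelow), x, y)
            for _ in range(challenges)}
```

Randomizing placement defeats a logger that records only coordinates; it does nothing against malware that also captures the screen contents at the moment of the press, which is why the specification additionally varies noise, shape and texture so that the images themselves are hard for software to recognize.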

Hash functions 178 may be one or more one-way functions, which may be used by generate registration key 166 for generating a registration key from a biometric print and/or other user information. Those hash function(s) of hash functions 178 that are used by initial request routine 160, service provider authentication routine 162, and completion of transaction routine 164 may be the same as one another or different from one another.

Perturbing functions 180 may include one or more perturbing functions, which may be used by perturb cryptography key 174. Different perturbing functions of perturbing functions 180 may be used during each of initial request routine 160, service provider authentication routine 162, and/or completion of transaction routine 164. In this specification, any time a hash function is mentioned or a perturbing function is mentioned, any other function may be substituted (e.g., any perturbing function may be replaced with a hash function and any hash function may be replaced with a perturbing function) to obtain another embodiment. Optionally, any perturbing function and/or hash function mentioned in this specification may be a one-way function.
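The setup routine, initial request routine, service provider authentication routine and perturbing functions described above, and the mirrored service provider routines (setup routine 222, generate cryptography key 232, perturb cryptography key 236) described later, carried through as one exchange. This is an added example, not code from the specification: the specification leaves the hash function, perturbing function and encryption algorithm open, so the choices here (SHA-256 for both the hash and the perturbing function, a hash-counter keystream with an HMAC tag for encryption, and the domain-separation labels) are this example's own. The biometric template bytes, the hardware noise (secrets.token_bytes standing in for phototransistor noise), the image names, the logo and the transaction information string are constructed. One caveat that the specification does not address: real biometric readings differ from sample to sample, so hashing a template only yields a repeatable R if the template is canonicalized or processed with a fuzzy extractor first.

```python
import hashlib
import hmac
import secrets


def hash_fn(*parts):
    """One-way function used for keys and perturbation (SHA-256 here)."""
    return hashlib.sha256(b"".join(parts)).digest()


def registration_key(template, hardware_noise):
    """R = hash(biometric template || noise from the unpredictable process)."""
    return hash_fn(b"R", template, hardware_noise)


def initial_key(reg_key):
    """K_0 derived from R; both parties compute it after setup."""
    return hash_fn(b"K0", reg_key)


def perturb(key):
    """One-way step K_{i+1} = hash(K_i). An earlier key cannot be recovered
    from a later one, so a captured current key exposes no past message."""
    return hash_fn(b"perturb", key)


def _keystream(key, nonce, length):
    """Hash-counter keystream (this example's cipher, not the spec's)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hash_fn(b"stream", key, nonce, counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC under key: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(hash_fn(b"mac", key), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key, blob):
    """Check the tag before decrypting; None on any mismatch or truncation."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(hash_fn(b"mac", key), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class UserSystem:
    """Secure-area side: derives R and K_0, ratchets K after every message."""

    def __init__(self, template, hardware_noise):
        self.R = registration_key(template, hardware_noise)   # sent at setup
        self.K = initial_key(self.R)

    def initial_request(self, selected_images, transaction_info):
        """Image selection (user authentication) plus transaction
        information, encrypted under the current key; then perturb."""
        body = b"\x00".join(selected_images) + b"\n" + transaction_info
        msg = seal(self.K, body)
        self.K = perturb(self.K)
        return msg

    def authenticate_provider(self, reply, expected_logo):
        """Service provider authentication: the reply must open under the
        ratcheted key and carry the logo registered at setup."""
        plain = open_sealed(self.K, reply)
        self.K = perturb(self.K)
        return plain == expected_logo


class ServiceProvider:
    """Provider side: the same R -> K_0 and the same perturbing function."""

    def __init__(self, reg_key, registered_images, logo):
        self.K = initial_key(reg_key)
        self.registered = list(registered_images)
        self.logo = logo

    def handle_request(self, msg):
        """(transaction_info, reply) on success, None if the request fails
        authentication. K advances once per request and once per reply."""
        plain = open_sealed(self.K, msg)
        self.K = perturb(self.K)
        if plain is None or b"\n" not in plain:
            return None
        images, info = plain.split(b"\n", 1)
        if images.split(b"\x00") != self.registered:
            return None
        reply = seal(self.K, self.logo)
        self.K = perturb(self.K)
        return info, reply
```

Two properties of the ratchet are worth noting when deploying a scheme of this shape. Because each side perturbs its key per message slot, a dropped, replayed or injected message leaves the two keys out of step and every later message fails the tag check until the keys are resynchronized, so a real implementation needs a resync path or a small acceptance window. And because the perturbing function adds no fresh entropy, a key captured at step i yields every later key; mixing output from the secure area's unpredictable process into each step is one way to close that gap.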

User Interface

User interface 181 provides a page, a web browser or another method of displaying and entering information so that the user interface may provide one or more of the following functionalities, labeled with the letters A-F.

A. The user may view the transaction information being sent.
B. The user may enter instructions for sending transaction information.
C. The user may receive information about whether or not the user authentication was valid.
D. The user may enter or generate one or more images known by the user and/or enter another biometric print or another type of user authentication such as a PIN.
E. The user may determine the current state in the transaction process.
F. The user may read directions or enter information for the next step in the transaction process.

Data and Keys

Data 182 may include any data that is needed for implementing any of the routines stored in memory 104. Biometric template T 184 may include templates, such as minutiae and/or other information characterizing biometric prints of users, which may be used to authenticate the user each time the user would like to use secure area 102 and/or system 101. Registration key R 186 may be generated by applying a hash function to a collection of images selected or generated by the user, biometric print(s) and/or information derived from an unpredictable physical process. In one embodiment, the unpredictable physical process may use one or more phototransistors, each of which senses photons.

Current cryptography key K 188 is the current cryptography key, which may be stored long enough for the next cryptography key to be generated from the current cryptography key. Transaction information S 192 may include information about a transaction that the user would like to perform.

Service Provider System

FIG. 2A shows a block diagram of an embodiment of a service provider system 200 in a system for securing transactions against cyber attacks. In an embodiment, service provider system 200 may include output system 202, input system 204, memory system 206, processor system 208, communication system 212, and input/output system 214. In other embodiments, the service provider system 200 may not have all the components and/or may have other components in addition to or instead of the components listed above.

Service provider system 200 may be a financial institution or any other system such as a power plant, a power grid, or a nuclear plant, or any other system requiring secure access. In an embodiment, service provider system 200 may be an embodiment of service provider system 126. Any place in this specification where service provider system 126 is mentioned, service provider system 200 may be substituted. Any place in this specification where service provider system 200 is mentioned, service provider system 126 may be substituted. Service provider system 200 may include one or more web servers, application servers, and/or databases, which may be part of a financial institution, for example.

Output system 202 may include any one of, some of, any combination of, or all of a monitor system, a handheld display system, a printer system, a speaker system, a connection or interface system to a sound system, an interface system to peripheral devices and/or a connection and/or interface system to a computer system, intranet, and/or internet, for example.

Input system 204 may include any one of, some of, any combination of, or all of a keyboard system, a touch sensitive screen, a tablet pen, a stylus, a mouse system, a track ball system, a track pad system, buttons on a handheld system, a scanner system, a microphone system, a connection to a sound system, and/or a connection and/or interface system to a computer system, intranet, and/or internet (e.g., IrDA, USB).

Memory system 206 may include, for example, any one of, some of, any combination of, or all of a long term storage system, such as a hard drive; a short term storage system, such as random access memory; a removable storage system, such as a floppy drive or a removable drive; and/or flash memory. Memory system 206 may include one or more machine-readable media that may store a variety of different types of information. The term machine-readable medium is used to refer to any medium capable of carrying information that is readable by a machine. One example of a machine-readable medium is a computer-readable medium. Another example of a machine-readable medium is paper having holes that are detected and that trigger different mechanical, electrical, and/or logic responses. Memory 206 may include encryption/decryption code and algorithms for authenticating transaction information, for example (memory 206 is discussed further in conjunction with FIG. 2B).

Processor system 208 executes the secure transactions on system 200. Processor system 208 may include any one of, some of, any combination of, or all of multiple parallel processors, a single processor, a system of processors having one or more central processors and/or one or more specialized processors dedicated to specific tasks. In an embodiment, processor system 208 may include a network interface to connect system 200 to user system 101 via network 124. In an embodiment, processor 208 may execute the encryption and decryption algorithms with which the transaction information was encrypted. In an embodiment, processor 208 may decrypt secure messages from user system 101 and/or encrypt messages sent to user system 101.

Communication system 212 communicatively links output system 202, input system 204, memory system 206, processor system 208, and/or input/output system 214 to each other. Communication system 212 may include any one of, some of, any combination of, or all of electrical cables, fiber optic cables, and/or means of sending signals through air or water (e.g., wireless communications), or the like. Some examples of means of sending signals through air and/or water include systems for transmitting electromagnetic waves such as infrared and/or radio waves and/or systems for sending sound waves. In an embodiment, memory system 206 may store instructions for system 200 to receive authenticated secure transaction information from user system 101.

Input/output system 214 may include devices that have the dual function as input and output devices. For example, input/output system 214 may include one or more touch sensitive screens, which display an image and therefore are an output device, and accept input when the screens are pressed by a finger or stylus, for example. The touch sensitive screen may be sensitive to heat and/or pressure. One or more of the input/output devices may be sensitive to a voltage or current produced by a stylus, for example. Input/output system 214 is optional, and may be used in addition to or in place of output system 202 and/or input system 204.

FIG. 2B shows an embodiment of a block diagram of the contents of memory system 206 of FIG. 2A. Memory system 206 may include instructions 220, which in turn may include a setup routine 222, an authentication of user routine 224, a request for authentication routine 226, completion of transaction routine 228, generate registration key 230, generate cryptography key 232, hash functions 242, and perturbing functions 244. Memory system 206 may also store data 245, which may include registration key R 246, current cryptography key K 248, and transaction information S 252. In other embodiments, memory system 206 may not have all of the elements or features listed and/or may have other elements or features instead of, or in addition to, those listed.

Setup routine 222 is a routine that handles the setting up of the service provider system 200, so that service provider system 200 may be used for performing secure transactions. Setup routine 222 may receive a registration key from the user system, which in turn may be used for generating the initial cryptography key.

In an alternative embodiment, the user may send the biometric print or a template of the biometric print to service provider system 200, and service provider system 200 may generate the registration key from the biometric print in the same manner that user system 101 generates the registration key from the template of the biometric print, or from the biometric print and/or information obtained from an unpredictable physical process (e.g., by setup routine 222 applying a hash function to the biometric print and/or information derived from an unpredictable physical process).

In another embodiment, the user may visit the location of the service provider, where the service provider may acquire a collection of images known to the user, which is used by service provider system 200 for at least partially creating the initial cryptography key.

Generate cryptography key 232 comprises machine instructions that generate a new cryptography key from a prior cryptography key (e.g., by applying a function, such as a perturbing function, to the prior key). Generate cryptography key 232 may be the same routine as generate cryptography key 170, except that generate cryptography key 232 is implemented at service provider system 200 and generate cryptography key 170 is implemented at user system 101.

Perturb cryptography key 236 may be the same as perturb cryptography key174, and perturb cryptography key 236 perturbs the current cryptographykey to thereby generate the next cryptography key

Hash functions 242 may be the same as hash functions 178. Hash functions242 may be one a way functions, which may be used by generatecryptography keys routine 230. Optionally, hash functions 242 mayinclude a different function for generate cryptography keys 230. Thosehash function(s) of hash functions 242 that are used by authenticationof user routine 224, request for authentication routine 226, andcompletion of transaction routine 228 may be the same as one another ordifferent from one another.

Different perturbing functions of perturbing functions 244 may be usedduring each of authentication of user routine 224, request forauthentication routine 226, and completion of transaction routine 228.Although perturbing functions 244 and hash functions 242 are indicatedas separate storage areas in from perturb cryptography key 236, theperturbing functions may just be stored as part of the code for perturbcryptography key 236.

Data 245 may include any data that is needed for implementing any of theroutines stored in memory 206. Registration key R 246 may be the same asregistration key 185 and may be generated by applying a hash function toa collection of images selected or generated by the user and/orbiometric print(s) and/or information from an unpredictable physicalprocess.

Current cryptography key K 248 may be the same as current cryptographykey 188, and may be the current cryptography key, which may be storedlong enough for the next cryptography key to be generated from thecurrent cryptography key.

Transaction information S 252 may be the same as transaction 192, andmay include information about a transaction that the user would like toperform. Transaction information S 252 may be received from user system101 and may be used to perform a transaction at service provider system200 on behalf of user system 101.

Setup of User System

FIG. 3 shows a flowchart of an embodiment of setting up user system 101 for securing transactions. This user system method may be the setup performed by user system 101 before enabling a user to execute secure transactions with a bank, financial institution or financial exchange.

In step 302, a sequence or collection of visual images that are easy to remember are obtained from the user. In an embodiment, some visual images may be an image of an animal, an image of a car, an image of a house, an image of a place, an image of a person's name, an image of all or part of a bank logo. In at least one embodiment, this collection of universal images may act as a universal identifier for the user. As an example, the universal identifier for that particular user may be composed of the following 7 images where order is not important: a train, the Golden Gate bridge, pink sparkle shoes, chocolate ice cream in a waffle cone, one of the Wells Fargo stagecoach horses, an orange, and a visual image of the name Haley. An example of this visual image of a name is displayed as a visual image as shown in FIG. 11. The universal identifier may use a particular background texture or pattern that is determined by the user or service provider system during setup. FIG. 9 shows examples of different textures. The visual image of Haley in FIG. 11 is represented with a bubble texture against a foliation background texture.

In an embodiment, the universal identifier may be requested from the user as user authentication. In an alternative embodiment, user authentication may involve a subset of these images of the universal identifier or a different set of visual images.

In an alternative embodiment, biometric print information may be obtained from the user from a biometric sensor 111 in input system 110 in order to establish a method of user authentication. The user setup method may also collect other setup information, such as a Personal Identification Number (PIN), or a password. The setup data that was collected may be denoted as T.

In step 304, the universal identifier and user authentication information are encrypted and transmitted to the service provider system. In at least one embodiment, this information is encrypted as visual images and then sent back to the service provider system. In at least one embodiment, a Diffie-Hellman key exchange is used to establish keys to encrypt the universal identifier and user authentication information.

In step 306, the user service provider receives the encrypted universal identifier and user authentication information, decrypts them and stores them.

In step 308, the user's account is initialized with the user service provider and enabled for executing transactions.

Diffie-Hellman Key Exchange

A Diffie-Hellman key exchange is a key exchange method where two parties (Alice and Bob) that have no prior knowledge of each other jointly establish a shared secret key over an unsecure communications channel. Before the Diffie-Hellman key exchange is described it is helpful to review the mathematical notion of a group. A group G is a set with a binary operation * (g*g is denoted as g²; g*g*g*g*g is denoted as g⁵), such that the following four properties hold:

-   (i.) The binary operation * is closed on G. In other words, a*b lies in G for all elements a and b in G.
-   (ii.) The binary operation * is associative on G. a*(b*c)=(a*b)*c for all elements a, b, and c in G.
-   (iii.) There is a unique identity element e in G. a*e=e*a=a.
-   (iv.) Each element a in G has a unique inverse denoted as a⁻¹. a*a⁻¹=a⁻¹*a=e.

The integers { . . . , −2, −1, 0, 1, 2, . . . } with respect to the binary operation + are an example of an infinite group. 0 is the identity element. For example, the inverse of 5 is −5 and the inverse of −107 is 107.

The set of permutations on n elements {1, 2, . . . , n}, denoted as S_(n), is an example of a finite group with n! elements where the binary operation is function composition. Each element of S_(n) is a function p:{1, 2, . . . , n}→{1, 2, . . . , n} that is 1 to 1 and onto. In this context, p is called a permutation. The identity permutation e is the identity element in S_(n), where e(k)=k for each k in {1, 2, . . . , n}.

If H is a non-empty subset of a group G and H is a group with respect to the binary group operation * of G, then H is called a subgroup of G. H is a proper subgroup of G if H is not equal to G (i.e., H is a proper subset of G). G is a cyclic group if G has no proper subgroups.

The integers modulo n (i.e., Z_(n)={[0], [1], . . . [n−1]}) are an example of a finite group with respect to addition modulo n. If n=5, [4]+[4]=[3] in Z₅ because 5 divides (4+4)−3. Similarly, [3]+[4]=[2] in Z₅. Observe that Z₅ is a cyclic group because 5 is a prime number. When p is a prime number, Z_(p) is a cyclic group containing p elements {[0], [1], . . . [p−1]}. [1] is called a generating element for cyclic group Z_(p) since [1]^(m)=[m] where m is a natural number such that 0<m≤p−1 and [1]^(p)=[0]. This multiplicative notation works as follows: [1]²=[1]+[1]; [1]³=[1]+[1]+[1]; and so on. This multiplicative notation (i.e. using superscripts) is used in the description of the Diffie-Hellman key exchange protocol described below.

There are an infinite number of cyclic groups and an infinite number of these cyclic groups are extremely large. The notion of extremely large means the following: if 2¹⁰²⁴ is considered to be an extremely large number based on the computing power of current computers, then there are still an infinite number of finite cyclic groups with each cyclic group containing more than 2¹⁰²⁴ elements.

Steps 1, 2, 3, 4, and 5 describe the Diffie-Hellman key exchange.

-   1. Alice and Bob agree on an extremely large, finite, cyclic group G and a generating element g in G. (Alice and Bob sometimes agree on finite, cyclic group G and element g long before the rest of the key exchange protocol; g is assumed to be known by all attackers.) The group G is written multiplicatively as explained previously.
-   2. Alice picks a random natural number a and sends g^(a) to Bob.
-   3. Bob picks a random natural number b and sends g^(b) to Alice.
-   4. Alice computes (g^(b))^(a).
-   5. Bob computes (g^(a))^(b).

Both Alice and Bob are now in possession of the group element g^(ab), which can serve as the shared secret key. The values of (g^(b))^(a) and (g^(a))^(b) are the same because g is an element of group G.

Alice can encrypt a message m as mg^(ab), and send mg^(ab) to Bob. Bob knows |G|, b, and g^(a). A result from group theory implies that the order of every element of a group divides the number of elements in the group, denoted as |G|. This means x^(|G|)=1 for all x in G where 1 is the identity element in G. Bob calculates (g^(a))^(|G|−b)=(g^(|G|))^(a) g^(−ab)=(g^(ab))⁻¹. After Bob receives the encrypted message mg^(ab) from Alice, Bob applies (g^(ab))⁻¹ and decrypts the encrypted message by computing mg^(ab)(g^(ab))⁻¹=m.
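The exchange of steps 1 to 5 and the mg^(ab) encryption above, carried through in Python as an added example (this is not code from the patent). It assumes G is the multiplicative group Z_p^* of a prime p, so that |G| = p − 1, and that g generates G; the demo parameters p = 23 and g = 5 are constructed for illustration only, since deployed systems use standardised groups of 2048 bits or more.

```python
# Added example (not code from the patent): the Diffie-Hellman exchange of
# steps 1-5 and the m*g^(ab) encryption above, carried through in Python.
# Assumption: G is the multiplicative group Z_p^* of a prime p, so |G| = p - 1,
# and g generates G. The constructed demo parameters p = 23, g = 5 are only
# for illustration; deployed systems use standardised groups of >= 2048 bits.
import secrets
from typing import Optional


def dh_public(g: int, x: int, p: int) -> int:
    """g^x in G: the value a party sends over the insecure channel."""
    return pow(g, x, p)


def dh_shared(peer_public: int, x: int, p: int) -> int:
    """(g^y)^x = g^(xy): the shared group element."""
    return pow(peer_public, x, p)


def encrypt_in_group(m: int, shared: int, p: int) -> int:
    """Alice's m * g^(ab); m must itself be a group element (1 <= m < p)."""
    if not 1 <= m < p:
        raise ValueError("message must be a non-zero residue mod p")
    return (m * shared) % p


def inverse_via_group_order(peer_public: int, b: int, p: int) -> int:
    """Bob's (g^a)^(|G| - b) = (g^(ab))^-1, using x^|G| = 1 for every x in G.
    With G = Z_p^* the order |G| is p - 1."""
    order = p - 1
    return pow(peer_public, order - b, p)


def decrypt_in_group(c: int, peer_public: int, b: int, p: int) -> int:
    """m = (m g^(ab)) * (g^(ab))^-1; Bob needs only |G|, b and g^a."""
    return (c * inverse_via_group_order(peer_public, b, p)) % p


def run_exchange(p: int, g: int, m: int,
                 a: Optional[int] = None, b: Optional[int] = None) -> dict:
    """Both sides of the exchange; exponents come from a CSPRNG unless given."""
    a = secrets.randbelow(p - 2) + 1 if a is None else a   # 1 <= a <= p-2
    b = secrets.randbelow(p - 2) + 1 if b is None else b
    g_a = dh_public(g, a, p)          # step 2: Alice -> Bob
    g_b = dh_public(g, b, p)          # step 3: Bob -> Alice
    k_alice = dh_shared(g_b, a, p)    # step 4
    k_bob = dh_shared(g_a, b, p)      # step 5
    c = encrypt_in_group(m, k_alice, p)
    recovered = decrypt_in_group(c, g_a, b, p)
    return {"g_a": g_a, "g_b": g_b, "shared": k_alice, "agree": k_alice == k_bob,
            "ciphertext": c, "recovered": recovered}


if __name__ == "__main__":
    print(run_exchange(23, 5, 7))
```

Two points a practitioner would check before reusing this: multiplying by g^(ab) masks one message only, because two messages masked with the same element reveal their ratio m₁/m₂, so in practice the shared element is fed through a key derivation function and the result used with an authenticated cipher; and the exchange itself does not authenticate g^(a) or g^(b), which is why the setup steps above pair it with something the user or bank can verify.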

The user and the service provider 126 agree upon a common key for the registration key. The user then encrypts one of the common keys with the registration key. The service provider 126 encrypts the common key with other information, which may be information specific to the user or a random number, for example. Then the user sends the encrypted common key (that was encrypted by the user with the registration key) to the service provider 126, and the service provider 126 sends the encrypted common key that the service provider 126 encrypted to the user. Next, the user encrypts the encrypted common key that was received from the service provider 126 with the registration key, and the service provider 126 encrypts the encrypted common key received from the user (which was encrypted with the registration key) with the same information that was used to encrypt the original copy of the common key of the service provider 126. Thus, both the user and the service provider 126 will now have the common encrypted key derived from the registration key supplied by the user and the information supplied by the service provider 126. The resulting encrypted common key may be used as the registration key (instead of the original registration key).

Optionally, the user system 101 and the service provider 126 may also agree upon a common key for the cryptography key. The common key of the cryptography key and registration key may be the same as one another or different. The user system 101 then encrypts one of the common keys with the cryptography key. The server encrypts the common key with other information, which may be information specific to the user or a random number, for example (as was done for the registration key). Then the user system 101 sends the encrypted common key (that was encrypted by the user with the cryptography key) to the service provider 126, and the service provider 126 sends the encrypted common key (which was encrypted by service provider 126) to the user. Next, the user encrypts the encrypted common key that was received from the service provider 126 with the cryptography key, and the service provider 126 encrypts the encrypted common key received from the user (which was already encrypted with the cryptography key by the user) with the same information that was used to encrypt the original copy of the common key of the service provider 126. Thus, both the user and the service provider 126 will now have the common key encrypted by the cryptography key supplied by the user and the information supplied by the service provider 126. The resulting encrypted common key may be used as the cryptography key (instead of the original cryptography key).

In other embodiments, the secure transmission may use elliptic curve cryptography, which is similar to the Diffie-Hellman exchange described previously. In other embodiments, the secure transmission of cryptography key(s) K may use a camera that reads a proprietary pattern from the user's display of the device after setup is complete. In an embodiment, the user's display is the screen of a mobile phone.

In at least one embodiment, the registration key R may be given to the administrator in the same physical place, such as at a bank, or the registration key may be mailed or electronically transmitted to the administrator if setup is accomplished remotely. In some applications, the registration key may be encrypted first and then electronically transmitted or sent by mail. The service provider system 126 uses the registration key R (that service provider system 126 received) to generate the cryptography key, computing the cryptography key K as K=Φ^(j)(R) where j≥0, and stores cryptography key K for a particular user in a secure area 102. The number j in the operator Φ^(j)( ) is the number of times that the operator Φ( ) is applied to R.
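The evolution K=Φ^(j)(R) in Python, as an added example that is not the patent's code. The patent does not specify Φ, so this block assumes a domain-separated SHA-256 as the perturbing function; the catch_up routine, which lets the service provider move its stored key forward when the user system's counter j has advanced by a bounded amount, is also an assumption about how the two sides would stay synchronised, not something the page describes.

```python
# Added example (not code from the patent): one-way key evolution K = Φ^j(R).
# Assumption: Φ is instantiated as a domain-separated SHA-256, standing in for
# the patent's unspecified perturbing function. The catch_up policy is also an
# assumption about how the two sides stay in step.
import hashlib
from typing import Optional, Tuple


def phi(key: bytes) -> bytes:
    """Φ(K): one application of the perturbing function (one-way)."""
    return hashlib.sha256(b"perturb-v1|" + key).digest()


def evolve(R: bytes, j: int) -> bytes:
    """Φ^j(R): apply Φ to the registration key R exactly j times, j >= 0."""
    if j < 0:
        raise ValueError("j must be >= 0")
    K = R
    for _ in range(j):
        K = phi(K)
    return K


def catch_up(server_K: bytes, server_j: int, claimed_j: int,
             max_lookahead: int = 3) -> Optional[Tuple[bytes, int]]:
    """Move the stored key forward to the counter the user system claims.

    Because Φ is one-way the server can only advance, never go back, so a
    claimed counter below the stored one is rejected, as is one that jumps
    further ahead than max_lookahead (a bound against unbounded work).
    Returns the new (K, j) or None when the claim must be refused."""
    if claimed_j < server_j or claimed_j - server_j > max_lookahead:
        return None
    K = server_K
    for _ in range(claimed_j - server_j):
        K = phi(K)
    return K, claimed_j


if __name__ == "__main__":
    R = b"constructed registration key"      # constructed sample value
    print(evolve(R, 3).hex())
    print(catch_up(evolve(R, 3), 3, 5))
```

Storing only the current K and j, and not R, means a later compromise of the service provider's secure area 102 exposes the current key but not the earlier ones, because Φ cannot be run backwards; that is the property a defender gets from choosing a one-way Φ rather than an invertible one.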

Transaction Information for Exchanges

For a payment transaction, one item may be the name of the person or entity sending the money. In at least one embodiment, the transaction may be a stock trade. In these embodiments, the stock account number may be part of the transaction information. In at least one embodiment, the ticker symbol of the stock (for example, GOOG) being bought or sold may be part of the transaction information (or the name of a commodity or other item being purchased). The number of shares may be part of the transaction information. The price per share (or unit price) at which the person wishes to buy or sell the shares may be an item of the transaction information. If the stock purchase (or sale) is a limit order, then an indication that the stock purchase is a limit order may be an item of the transaction information. If the stock purchase (or sale) is a market order, then an indication that the purchase is a market order may be an item of the transaction information. The name of the stock account (e.g. Ameritrade, Charles Schwab, etc.) or broker may also be an item of the transaction information.

Securely Executing a Financial Transaction

In at least one embodiment, there are transaction steps A and B, which are executed to successfully complete a transaction. In at least one embodiment, there are transaction steps A, B, and C, which are executed to successfully complete a transaction. FIG. 3A shows a flow chart of transaction step A.

TRANSACTION STEP A. In at least one embodiment, the person looks for one or more logos or visual images that help the person make sure that he or she is communicating with the appropriate user's bank, financial institution or other service provider system. In an embodiment, the person learns or creates this image that verifies the service provider system during setup. When a transaction is requested by the person, the user selects a collection or sequence of visual images that are easy to remember, and/or presents a biometric print match and/or a password or PIN, that are acquired by user system 101. This is referred to as user authentication. The person (user) securely enters transaction information by selecting or choosing visual images that are difficult for malware to read or recognize.

-   Step A.1 The person verifies in the web browser or visual display that he or she is communicating with the appropriate bank, financial institution or other service provider system.
-   Step A.2 The person enters their user authentication information as a collection of visual images, a PIN or password or a biometric print.
-   Step A.3 The person enters a one-time sequence of letters, and/or a one-time sequence of numbers or a one-time sequence of images or a combination that is unique for this transaction and difficult for malware to guess.
-   Step A.4 The person selects and enters transaction information into user system 101.
-   Step A.5 Transaction information    is encrypted with key K denoted as E(    , K). User authentication information    is encrypted as E(    , K). One-time information    is encrypted as E(    , K) and these are then sent to the service provider system.

There are many different methods for transmitting encrypted user authentication E(

, K), encrypted unique information E(

, K) and encrypted transaction information E(

, K) to the administrator (bank) at service provider system 126. In one method, the user may wirelessly transmit the encrypted transaction information via a mobile phone to service provider system 126. In a third method, the user may submit or enter a collection of images and encrypted transaction information to the web browser of user system 101 and use the Internet for transmission to the administrator (bank) at service provider system 126. In many other methods, the user may submit the user authentication and encrypted transaction information by some other electronic means, such as a fax machine or an ATM machine.

In at least one embodiment, the current time τ₁ is determined and provided as transaction information. The current time τ₁ may be rounded to the nearest minute, for example. Optionally, the sender and receiver may compute the difference in time between the clock of the sender and the clock of the receiver prior to sending a message in case the two clocks are not sufficiently synchronized. In other embodiments, the time may be rounded to the nearest 5 minutes, the nearest 10 minutes, or the nearest hour, for example. Here the reference time is GMT. For example, if the exact time is 19:05 and 45 seconds GMT, then τ₁ is set to 19:06 GMT. If the time is not correct or is too delayed from the original time, then the transaction may be aborted.

TRANSACTION STEP B. The administrator (bank or financial institution) receives at service provider system 126 the encrypted transaction information, encrypted one-time information and encrypted user authentication information. FIG. 3B shows a flow chart of transaction step B.

Step B.1 The service provider system decrypts the user authentication information

and checks that it is valid. If it is not valid, then the transaction is aborted. If the user authentication information is valid, then service provider system 126 goes to step B.2.

Step B.2 The service provider decrypts E(

, K) and checks that the user was able to correctly recognize the one-time information

from the user's screen or web browser. If the one-time information

′ decrypted by the service provider system is not valid (i.e.,

′ doesn't match

), then the transaction is aborted. If the one-time information

′ decrypted by the service provider system is valid (i.e.,

′ matches

), then service provider system 126 goes to step B.3.

In at least one embodiment, the one-time information

is displayed on the user's screen in a way that is difficult to recognize or apprehend by malware but recognizable by a person.

Step B.3 The encrypted transaction information E(

, K) is decrypted and transaction

is executed.

Alternative Embodiment: Transaction Steps C and D

TRANSACTION STEP C. The service provider system translates the transaction information to a new collection of visual images

but that represent the same transaction information as

. The service provider system encrypts this new visual representation of the transaction information

as E(

, K) and sends E(

, K) back to the user system. The user system receives E(

, K), decrypts it and the user checks that

matches transaction information

. If

doesn't match transaction information

, then the user may abort the transaction.

Transaction Step D.

If

matches the original transaction information

submitted by the user, then the user sends a message to the service provider to complete the transaction. There are a number of methods to implement transaction step D.

In at least one embodiment, the cryptography key K may be updated, denoted as γ(K), on both sides. Then the encrypted transaction information E(

, γ(K)) or E(

, K) is sent from the administrator (bank) back to the user.
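The service-provider side of Transaction Step B (checks B.1 to B.3), the τ₁ freshness test described above, and the γ(K) update of Step D, as an added Python example that is not code from the patent. The page does not say what cipher E( , K) is, so this block assumes a stand-in encrypt-then-MAC built from HMAC-SHA256 (a deployment would use an authenticated cipher such as AES-GCM), assumes the transaction fields are packed as JSON, and uses constructed sample values throughout; the decrypt routine refuses to return plaintext when the tag does not verify, which is what makes "not valid, abort" a safe decision.

```python
# Added example (not code from the patent): the service-provider checks of
# Transaction Step B, the τ1 freshness test, and the γ(K) update of Step D.
# Assumptions: E(·, K) is a stand-in encrypt-then-MAC from HMAC-SHA256 (use a
# real AEAD in practice); transaction fields are JSON; all values constructed.
import hashlib
import hmac
import json
import os
from datetime import datetime, timedelta, timezone
from typing import Optional

TAU_FMT = "%Y-%m-%dT%H:%M"   # τ1 carried as GMT rounded to the minute


def _subkey(K: bytes, label: bytes) -> bytes:
    return hmac.new(K, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]


def E(data: bytes, K: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Stand-in for E(·, K): nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(16) if nonce is None else nonce
    ct = bytes(x ^ y for x, y in zip(data, _keystream(_subkey(K, b"enc"), nonce, len(data))))
    tag = hmac.new(_subkey(K, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def D(blob: bytes, K: bytes) -> bytes:
    """Inverse of E; raises ValueError rather than returning forged plaintext."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(K, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return bytes(x ^ y for x, y in zip(ct, _keystream(_subkey(K, b"enc"), nonce, len(ct))))


def round_tau(t: datetime, minutes: int = 1) -> str:
    """τ1: GMT time rounded to the nearest `minutes` (19:05:45 -> 19:06)."""
    step = minutes * 60
    secs = int(t.astimezone(timezone.utc).timestamp())
    rounded = (secs + step // 2) // step * step
    return datetime.fromtimestamp(rounded, timezone.utc).strftime(TAU_FMT)


def gamma(K: bytes) -> bytes:
    """γ(K): the key update both sides apply once a transaction completes."""
    return hashlib.sha256(b"gamma|" + K).digest()


class ServiceProvider:
    """Holds K, the user's expected authentication value and the one-time
    information it displayed; runs steps B.1-B.3 and fails closed."""

    def __init__(self, K: bytes, expected_auth: bytes, issued_one_time: bytes):
        self.K, self.expected_auth, self.issued_one_time = K, expected_auth, issued_one_time

    def step_b(self, enc_auth: bytes, enc_one_time: bytes, enc_txn: bytes,
               now: datetime, max_delay: timedelta = timedelta(minutes=2)) -> dict:
        try:
            auth = D(enc_auth, self.K)                          # B.1
            if not hmac.compare_digest(auth, self.expected_auth):
                return {"status": "aborted", "reason": "B.1 user authentication invalid"}
            one_time = D(enc_one_time, self.K)                  # B.2
            if not hmac.compare_digest(one_time, self.issued_one_time):
                return {"status": "aborted", "reason": "B.2 one-time information mismatch"}
            txn = json.loads(D(enc_txn, self.K))                # B.3
            tau1 = datetime.strptime(txn["tau1"], TAU_FMT).replace(tzinfo=timezone.utc)
        except (ValueError, KeyError) as exc:
            return {"status": "aborted", "reason": f"undecryptable or malformed: {exc}"}
        if abs(now.astimezone(timezone.utc) - tau1) > max_delay:
            return {"status": "aborted", "reason": "tau1 outside acceptance window"}
        self.K = gamma(self.K)                                  # Step D: both sides update K
        return {"status": "executed", "txn": txn}


def demo() -> dict:
    """Constructed walk-through of one accepted transaction."""
    K = hashlib.sha256(b"constructed demo key").digest()
    auth, one_time = b"images:train,bridge,orange", b"one-time:Q7R2"
    now = datetime(2012, 9, 9, 19, 5, 45, tzinfo=timezone.utc)
    txn = {"from": "Haley", "ticker": "GOOG", "shares": 10, "order": "limit",
           "price": "100.00", "tau1": round_tau(now)}
    sp = ServiceProvider(K, auth, one_time)
    return sp.step_b(E(auth, K), E(one_time, K), E(json.dumps(txn).encode(), K), now)
```

Two design choices worth noting: every comparison of a secret value goes through hmac.compare_digest so the abort decision does not leak how many bytes matched, and the key is advanced to γ(K) only on the executed path, so an aborted attempt leaves both sides on the same K and a replay of the completed transaction's ciphertexts fails the tag check under the new key.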

User Interface

In at least one embodiment, the user interface may be implemented with a web browser in a personal computer or in a mobile phone. User input such as selecting letters, numbers or other input items may be accomplished with fingers on the glass screen of an iPhone or Android phone. For a PC, the letters, numbers or other input items may be entered with a mouse selecting appropriate letters as shown in FIG. 5 or 6. In at least one embodiment, the display screen may be rendered with a glass screen in a mobile phone such as an Android or iPhone. In other embodiments, the display screen may use an LCD. In at least one embodiment, some or all of the financial institution members of SWIFT may be stored in terms of patterns or images in the memory of the service provider system. In at least one embodiment, the user may use his or her fingers to scroll on the screen and select one of the banks to make a transaction with. In at least one embodiment, the user may use a mouse to scroll on the display of the personal computer.

In at least one embodiment, the user may be an employee of the bank. In at least one embodiment, the device may be used to securely execute wire transfers between two banks. In at least one embodiment, visual images of letters that are difficult for malware to read may be displayed as a keyboard to be used by a person to enter a password or transaction information as shown in FIGS. 5 and 6. In at least one embodiment, the display may enable the user to verify that the transaction information is correct or has not been tampered with by malware before executing the transaction.

Extensions and Alternatives

Each embodiment disclosed herein may be used or otherwise combined with any of the other embodiments disclosed. Any element of any embodiment may be used in any embodiment. At least one embodiment of this specification includes all of the embodiments being used together except for those that are mutually exclusive.

Although the invention has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted for elements thereof without departing from the true spirit and scope of the invention. In addition, modifications may be made without departing from the essential teachings of the invention.

1. A method of securing a transaction comprising: transaction information is entered into a user system, the user system having a processor system having at least one processor, a communications interface, and a memory system; the user selects or enters transaction information using images received from the service provider system.

2. The method of claim 1 wherein some of said images represent letters or numbers.

3. The method of claim 1 wherein at least one of said images is an image of an animal.

4. The method of claim 1 wherein at least one of said images has color or texture.

5. The method of claim 1 wherein one-time information is communicated with said images.

6. The method of claim 1 wherein at least one of said images is at least part of a logo.

7. The method of claim 1 wherein said service provider encrypts one or more said images before transmitting them to said user system.

8. The method of claim 1 wherein a user looks at one or more images to check that service provider is valid.

9. The method of claim 1 wherein at least some of said images are used as a universal identifier for said user.

10. The method of claim 1 wherein said service provider is a bank or financial exchange.

11. The method of claim 1, wherein at least one said visual image is of at least part of a human face that expresses a smile.

12. The method of claim 1 wherein noise is combined with said images and the noise is generated using quantum randomness.

13. A method for determining whether to grant access to a secure entity comprising: generating visual images and displaying said images on a screen; and a user selecting said visual images from said display screen; wherein said determining uses a processor system having at least one processor, a communications interface, and a memory system.

14. The method of claim 13 wherein said screen is a touch sensitive screen and the user selects said images with his or her fingers.

15. The method of claim 13 where the order of said visual images is randomly permuted based on a non-deterministic process generated by hardware.

16. The method of claim 15 wherein said hardware is part of the web server.

17. The method of claim 13 wherein said visual images are randomly generated by a web server and transmitted to a mobile phone or PC.

18. The method of claim 13 wherein noise is combined with the visual images and said noise is generated using quantum randomness.

19. The method of claim 13 wherein at least one of said images is an image of an animal.

20. The method of claim 13 wherein at least one of said images has texture.

21. The method of claim 13 wherein at least one of said images has color.